Description
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (powerz) Avoid cacheline sharing for DMA buffer

Depending on the architecture the transfer buffer may share a cacheline
with the following mutex. As the buffer may be used for DMA, that is
problematic.

Use the high-level DMA helpers to make sure that cacheline sharing can
not happen.

Also drop the comment, as the helpers are documentation enough.

https://sashiko.dev/#/message/20260408175814.934BFC19421%40smtp.kernel.org
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The change fixes a race condition where a DMA buffer could share a cacheline with a mutex. Because the buffer is used for direct memory access, the shared cacheline can lead to inconsistent reads or writes if the mutex is concurrently accessed. The affected weakness is a classic race condition that may corrupt kernel data structures if exploited.

Affected Systems

All Linux kernel builds that include the vulnerable DMA buffer handling code and that allow a cacheline to be shared between a DMA buffer and a mutex are potentially impacted. The CVE does not list specific kernel versions, so any release prior to the inclusion of this patch may be at risk.

Risk and Exploitability

The CVSS score is not provided and the EPSS score is not available, so the quantitative severity is unknown. The flaw likely requires privileged access or a malicious DMA controller that can target the kernel buffer to trigger the race. No public exploit is known, and the vulnerability is not included in CISA KEV, but the potential for memory corruption makes the risk significant if an attacker can orchestrate concurrent DMA and mutex activity.

Generated by OpenCVE AI on May 27, 2026 at 20:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that incorporates the DMA helper changes to prevent cacheline sharing
  • Rebuild or reload the hwmon: powerz driver module so it links against the updated DMA helper code
  • If upgrading the kernel or rebuilding the module is not an option, disable the powerz hwmon interface on the affected system or restrict its access to privileged users only

Generated by OpenCVE AI on May 27, 2026 at 20:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Avoid cacheline sharing for DMA buffer Depending on the architecture the transfer buffer may share a cacheline with the following mutex. As the buffer may be used for DMA, that is problematic. Use the high-level DMA helpers to make sure that cacheline sharing can not happen. Also drop the comment, as the helpers are documentation enough. https://sashiko.dev/#/message/20260408175814.934BFC19421%40smtp.kernel.org
Title hwmon: (powerz) Avoid cacheline sharing for DMA buffer
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:56:06.623Z

Reserved: 2026-05-13T15:03:33.092Z

Link: CVE-2026-46007

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:18.470

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46007

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T20:30:40Z

Weaknesses