Description
In the Linux kernel, the following vulnerability has been resolved:

remoteproc: xlnx: Only access buffer information if IPI is buffered

In the receive callback check if message is NULL to prevent
possibility of crash by NULL pointer dereferencing.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the remoteproc driver for Xilinx SoCs, where a receive callback accessed buffer information without first confirming that the incoming message was non‑NULL. This unchecked dereference can trigger a kernel panic, effectively causing a denial‑of‑service condition. The weakness is a classic null‑pointer dereference, classified as CWE‑476.
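The pattern described above, as an added example: a user-space C model written for this page, not the kernel driver's code. All names (ipi_msg, rx_ctx, rx_cb_unchecked, rx_cb_checked) are hypothetical, and the model assumes an IPI without a buffer reaches the callback as a NULL message and must still be processed as a notification.

```c
/* User-space model constructed for illustration; not the kernel driver's code.
 * All names here (ipi_msg, rx_ctx, rx_cb_*) are hypothetical. */
#include <stdio.h>
#include <string.h>

#define RX_BUF_MAX 32

struct ipi_msg { size_t len; unsigned char data[RX_BUF_MAX]; };
struct rx_ctx  { unsigned char buf[RX_BUF_MAX]; size_t len; int kicks; };

/* Before: reads m->len unconditionally, so an IPI delivered without a
 * buffer (msg == NULL) is dereferenced. Shown for comparison; not called
 * with NULL anywhere in this file. */
size_t rx_cb_unchecked(struct rx_ctx *ctx, const void *msg)
{
    const struct ipi_msg *m = msg;
    size_t len = m->len > RX_BUF_MAX ? RX_BUF_MAX : m->len;

    memcpy(ctx->buf, m->data, len);
    ctx->len = len;
    ctx->kicks++;
    return len;
}

/* After: buffer fields are read only when a message is attached. Assumption:
 * the notification itself is still handled for an unbuffered IPI. */
size_t rx_cb_checked(struct rx_ctx *ctx, const void *msg)
{
    const struct ipi_msg *m = msg;
    size_t len = 0;

    if (m) {
        len = m->len > RX_BUF_MAX ? RX_BUF_MAX : m->len; /* clamp to buf */
        memcpy(ctx->buf, m->data, len);
        ctx->len = len;
    }
    ctx->kicks++;
    return len;
}

int main(void)
{
    struct rx_ctx ctx = {0};
    struct ipi_msg m = { .len = 4, .data = { 0xde, 0xad, 0xbe, 0xef } }; /* constructed */

    printf("buffered:   copied %zu\n", rx_cb_checked(&ctx, &m));
    printf("unbuffered: copied %zu\n", rx_cb_checked(&ctx, NULL));
    printf("kicks=%d last_len=%zu\n", ctx.kicks, ctx.len);
    return 0;
}
```

In the checked variant the NULL case skips only the buffer copy; the previously stored payload and the notification count stay consistent.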

Affected Systems

All Linux kernel releases that contain the remoteproc/xlnx driver without the patch are affected. No specific version range is listed, so any kernel version prior to the application of the fix should be considered vulnerable.

Risk and Exploitability

The issue has not been demonstrated in public exploits and is not listed in CISA’s KEV catalog. Exploitation would require an attacker to send a crafted IPI message that results in a NULL pointer dereference, leading to a crash. While no elevation of privilege or remote code execution is implied, the potential for a kernel panic provides a moderate risk, especially in environments where IPI traffic can be manipulated. No EPSS score is available, so the likelihood of exploitation cannot be quantified precisely.

Generated by OpenCVE AI on May 27, 2026 at 18:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that contains the null‑pointer check in remoteproc/xlnx (see the commits referenced in the advisory).
  • If an upgrade is not immediately possible, manually apply the patch that adds the NULL check to the receive callback, using the patch files linked in the advisory.
  • If the Xilinx remoteproc IPI functionality is not required, disable or restrict its use to reduce the attack surface.



Advisories

No advisories yet.

History

Wed, 27 May 2026 19:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Weaknesses | | CWE-476 |

Wed, 27 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing. |
| Title | | remoteproc: xlnx: Only access buffer information if IPI is buffered |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel |
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:56:17.970Z

Reserved: 2026-05-13T15:03:33.092Z

Link: CVE-2026-46016

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:20.010

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46016

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T18:45:39Z
