CVE-2026-46091 - Vulnerability Details

- media: rc: igorplugusb: heed coherency rules

Description

In the Linux kernel, the following vulnerability has been resolved:

media: rc: igorplugusb: heed coherency rules

In a control request, the USB request structure
can be subject to DMA on some HCs. Hence it must obey
the rules for DMA coherency. Allocate it separately.

Published: 2026-05-27

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The defect lies in the media rc igorplugusb subsystem of the Linux kernel. When a USB device generates a control request, the kernel uses a request structure that may be accessed via DMA by certain host controllers. The code allocates this structure in ordinary memory, violating DMA coherency requirements, a weakness classified as both CWE‑788 (Use of Uninitialized or Improperly Initialized Data) and CWE‑821. This oversight can let a malicious USB device cause the host controller to read or write stale or incorrect data, leading to kernel memory corruption, which in turn threatens system stability and confidentiality.

Affected Systems

Linux kernel builds that include the media rc igorplugusb driver are affected. The kernel source contains the vulnerability before the patch commit 0adac0ee2c42027d80bac02ea9b576a88f8955d3. Administrators should consider any kernel that has not yet applied this fix as potentially vulnerable, since no specific version range is detailed.

Risk and Exploitability

No public CVSS or EPSS rating is available, and the flaw is not listed in the CISA KEV catalog, indicating no known active exploitation. Nonetheless, a local attacker or an adversary with USB access to the host can craft control requests that trigger the flaw, potentially causing memory corruption. The lack of publicly disclosed exploits suggests the risk is moderate until the patch is deployed.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< 18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< 0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< 0adac0ee2c42027d80bac02ea9b576a88f8955d3
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< a62ca67e3c72fb297dc7c86495ba8f7329d7f150
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< eac69475b01fe1e861dfe3960b57fa95671c132e

Linux

affected

Version	Status	Constraints
`3.19`	affected	—
`0`	unaffected	< 3.19
`6.6.140`	unaffected	≤ 6.6.*
`6.12.86`	unaffected	≤ 6.12.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[b1c97193c6437a6083da67f8e97c8ee29b2f1989,18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a)`	affected	code_commit	—
`[b1c97193c6437a6083da67f8e97c8ee29b2f1989,0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc)`	affected	code_commit	—
`[b1c97193c6437a6083da67f8e97c8ee29b2f1989,0adac0ee2c42027d80bac02ea9b576a88f8955d3)`	affected	code_commit	—
`[b1c97193c6437a6083da67f8e97c8ee29b2f1989,a62ca67e3c72fb297dc7c86495ba8f7329d7f150)`	affected	code_commit	—
`[b1c97193c6437a6083da67f8e97c8ee29b2f1989,eac69475b01fe1e861dfe3960b57fa95671c132e)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`3.19`	affected	generic	—
`[0,3.19)`	unaffected	generic	—
`[6.6.140,6.7.0)`	unaffected	semver	—
`[6.12.86,6.13.0)`	unaffected	semver	—
`[6.18.27,6.19.0)`	unaffected	semver	—
`[7.0.4,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the upstream kernel patch commit 0adac0ee2c42027d80bac02ea9b576a88f8955d3 that enforces DMA‑coherent allocation for the IgorplugUSB request structure.
Rebuild and install the updated kernel, ensuring the patch is included in the kernel image.
Disable or restrict the use of IgorplugUSB devices until the kernel has been updated to remove the vulnerability, as a temporary mitigation.

Generated by OpenCVE AI on May 28, 2026 at 02:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0adac0ee2c42027d80bac02ea9b576a88f8955d3
https://git.kernel.org/stable/c/0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc
https://git.kernel.org/stable/c/18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a
https://git.kernel.org/stable/c/a62ca67e3c72fb297dc7c86495ba8f7329d7f150
https://git.kernel.org/stable/c/eac69475b01fe1e861dfe3960b57fa95671c132e
https://lore.kernel.org/linux-cve-announce/2026052703-CVE-2026-46091-fb17@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46091
https://www.cve.org/CVERecord?id=CVE-2026-46091

History

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-821
References		https://lore.kernel.org/linux-cve-announce/2026052703-CVE-2026-46091-fb17@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46091 https://www.cve.org/CVERecord?id=CVE-2026-46091

Wed, 27 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-788

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for DMA coherency. Allocate it separately.
Title		media: rc: igorplugusb: heed coherency rules
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0adac0ee2c42027d80bac02ea9b576a88f8955d3 https://git.kernel.org/stable/c/0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc https://git.kernel.org/stable/c/18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a https://git.kernel.org/stable/c/a62ca67e3c72fb297dc7c86495ba8f7329d7f150 https://git.kernel.org/stable/c/eac69475b01fe1e861dfe3960b57fa95671c132e

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:58:35.422Z

Updated: 2026-05-27T12:58:35.422Z

Reserved: 2026-05-13T15:03:33.097Z

Link: CVE-2026-46091

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:30.647

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46091

Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46091 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T02:45:05Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object