CVE-2026-46142 - Vulnerability Details

- net: libwx: fix VF illegal register access

Description

In the Linux kernel, the following vulnerability has been resolved:

net: libwx: fix VF illegal register access

Register WX_CFG_PORT_ST is a PF restricted register. When a VF is
initialized, attempting to read this register triggers an illegal
register access, which lead to a system hang.

When the device is VF, the bus function ID can be obtained directly from
the PCI_FUNC(pdev->devfn).

Published: 2026-05-28

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises when a virtual function (VF) attempts to read a PF‑restricted register in the Linux kernel’s libwx subsystem. This illegal register access triggers a fault that can cause the system to hang, effectively denying service to all running workloads.

Affected Systems

Linux kernel images that include the libwx driver are impacted; the specific affected releases are not listed in the data, so any kernel version that incorporates this code path may be vulnerable.

Risk and Exploitability

No CVSS score or EPSS information is provided, and the vulnerability is not listed in CISA’s KEV catalog. The flaw requires the ability to initialize a VF, which implies a privileged context or a poorly secured virtual function environment. Because the attack leads to a system crash rather than data exfiltration, the risk is primarily availability. Without exploit metrics, the likelihood of exploitation is uncertain, but a privileged attacker who can manipulate virtual functions could readily trigger the failure.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`d4187ec2641061748480cdc944fd07653fad50d5`	affected	< d3bd8040497968f6f5470018724ef7b0df92f707
`f0b3ecdbb5bbee8ca6b2892aba3988c8a3ce858e`	affected	< f6e656f7cea16b638675a2ab7d7e4cf2516c5eb0
`a04ea57aae375bdda1cb57034d8bcbb351e1f973`	affected	< 33c5bb50b9c40e8451e6aec4487a31d794b98d92
`a04ea57aae375bdda1cb57034d8bcbb351e1f973`	affected	< 68a007a701bc06fa426507c551ef12514f2e721d
`a04ea57aae375bdda1cb57034d8bcbb351e1f973`	affected	< 694de316f607fe2473d52ca0707e3918e72c1562
`93e52b75f11a8f39b22993ae315b5b9a6b2668a3`	affected	—
`6.6.117`	affected	< 6.6.140
`6.12.58`	affected	< 6.12.88
`6.17.8`	affected	< 6.18

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.6.140`	unaffected	≤ 6.6.*
`6.12.88`	unaffected	≤ 6.12.*
`6.18.30`	unaffected	≤ 6.18.*
`7.0.7`	unaffected	≤ 7.0.*
`7.1-rc3`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[d4187ec2641061748480cdc944fd07653fad50d5,d3bd8040497968f6f5470018724ef7b0df92f707)`	affected	code_commit	—
`[f0b3ecdbb5bbee8ca6b2892aba3988c8a3ce858e,f6e656f7cea16b638675a2ab7d7e4cf2516c5eb0)`	affected	code_commit	—
`[a04ea57aae375bdda1cb57034d8bcbb351e1f973,33c5bb50b9c40e8451e6aec4487a31d794b98d92)`	affected	code_commit	—
`[a04ea57aae375bdda1cb57034d8bcbb351e1f973,68a007a701bc06fa426507c551ef12514f2e721d)`	affected	code_commit	—
`[a04ea57aae375bdda1cb57034d8bcbb351e1f973,694de316f607fe2473d52ca0707e3918e72c1562)`	affected	code_commit	—
`93e52b75f11a8f39b22993ae315b5b9a6b2668a3`	affected	code_commit	—
`[6.6.117,6.6.140)`	affected	semver	—
`[6.12.58,6.12.88)`	affected	semver	—
`[6.17.8,6.18)`	affected	semver	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	semver	—
`[0,6.18)`	unaffected	semver	—
`[6.6.140,6.7.0)`	unaffected	semver	—
`[6.12.88,6.13.0)`	unaffected	semver	—
`[6.18.30,6.19.0)`	unaffected	semver	—
`[7.0.7,7.1.0)`	unaffected	semver	—
`[7.1-rc3,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install the latest Linux kernel release containing the libwx patch that removes the illegal register read.
If a full kernel upgrade is not immediately possible, apply the specific patch that fixes the libwx register access bug.
Ensure that creation and configuration of virtual functions is restricted to trusted administrators to reduce the attack surface until the upstream fix is applied.

Generated by OpenCVE AI on May 28, 2026 at 11:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/33c5bb50b9c40e8451e6aec4487a31d794b98d92
https://git.kernel.org/stable/c/68a007a701bc06fa426507c551ef12514f2e721d
https://git.kernel.org/stable/c/694de316f607fe2473d52ca0707e3918e72c1562
https://git.kernel.org/stable/c/d3bd8040497968f6f5470018724ef7b0df92f707
https://git.kernel.org/stable/c/f6e656f7cea16b638675a2ab7d7e4cf2516c5eb0

History

Thu, 28 May 2026 12:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-269

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix VF illegal register access Register WX_CFG_PORT_ST is a PF restricted register. When a VF is initialized, attempting to read this register triggers an illegal register access, which lead to a system hang. When the device is VF, the bus function ID can be obtained directly from the PCI_FUNC(pdev->devfn).
Title		net: libwx: fix VF illegal register access
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/33c5bb50b9c40e8451e6aec4487a31d794b98d92 https://git.kernel.org/stable/c/68a007a701bc06fa426507c551ef12514f2e721d https://git.kernel.org/stable/c/694de316f607fe2473d52ca0707e3918e72c1562 https://git.kernel.org/stable/c/d3bd8040497968f6f5470018724ef7b0df92f707 https://git.kernel.org/stable/c/f6e656f7cea16b638675a2ab7d7e4cf2516c5eb0

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:35:57.837Z

Updated: 2026-05-28T09:35:57.837Z

Reserved: 2026-05-13T15:03:33.100Z

Link: CVE-2026-46142

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:29.790

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46142

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T12:45:06Z

Weaknesses

CWE-269

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object