CVE-2026-46205 - Vulnerability Details

- staging: media: atomisp: Disallow all private IOCTLs

Description

In the Linux kernel, the following vulnerability has been resolved:

staging: media: atomisp: Disallow all private IOCTLs

Disallow all private IOCTLs. These aren't quite as safe as one could
assume of IOCTL handlers; disable them for now. Instead of removing the
code, return in the beginning of the function if cmd is non-zero in order
to keep static checkers happy.

Published: 2026-05-28

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel’s atomisp driver, part of the staging media subsystem, contained private IOCTL handlers that were not protected by adequate access control checks. Based on the description, it is inferred that these handlers could be invoked with arbitrary command values, exposing the kernel to a potential privilege escalation or arbitrary code execution if exploited. The patch simply disables all private IOCTLs, preventing any misuse. This weakness is a classic example of CWE‑267, insufficient authentication/authorization (as identified by NVD).

Affected Systems

This vulnerability affects all Linux kernel installations that include the atomisp driver code. No specific kernel version range is supplied, so any kernel build containing the staged atomisp module could be impacted.

Risk and Exploitability

The EPSS score of less than 1% indicates a very low but non‑zero likelihood of exploitation. Based on the description, it is inferred that the flaw requires local or privileged access to the device node that exposes the atomisp driver, and could allow an attacker to run arbitrary code at kernel privilege. The CVSS score of 7.8 reflects a high‑severity risk. The vulnerability is not listed in the CISA KEV catalog.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`a49d25364dfb9f8a64037488a39ab1f56c5fa419`	affected	< 51b8dc5163d2ff2bf04019f8bf7e3bd0e75bb654
`ad85094b293e40e7a2f831b0311a389d952ebd5e`	affected	< 64e85679beafe082fc2e70a557ec356c7fd27548
`ad85094b293e40e7a2f831b0311a389d952ebd5e`	affected	< 8774f8cb661f57ae43cc3bc0509d16ef1f406e45
`ad85094b293e40e7a2f831b0311a389d952ebd5e`	affected	< ceb1b5f910e58986ea544ff8c9c2f23ae9a52414
`ad85094b293e40e7a2f831b0311a389d952ebd5e`	affected	< 8c7a281a99224a5b9af99c4dcd98d68eea75926c
`ad85094b293e40e7a2f831b0311a389d952ebd5e`	affected	< 6f1ce75a75c65061e7a720c3d0ee5f8adab7a2d3
`ad85094b293e40e7a2f831b0311a389d952ebd5e`	affected	< c7848b67ef10f581114b6a2f52b160fc20eb52c9
`ad85094b293e40e7a2f831b0311a389d952ebd5e`	affected	< 6850a439f8d23d4979624f1d6880d3118d473a28
`ad85094b293e40e7a2f831b0311a389d952ebd5e`	affected	< 2b7eb2c5dc72f0fc954ac4aa155f9e285e937f7c

Linux

affected

Version	Status	Constraints
`4.12`	affected	—
`5.8`	affected	—
`0`	unaffected	< 4.12
`4.18`	unaffected	< 5.8
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.140`	unaffected	≤ 6.6.*
`6.12.90`	unaffected	≤ 6.12.*
`6.18.32`	unaffected	≤ 6.18.*
`7.0.9`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[a49d25364dfb9f8a64037488a39ab1f56c5fa419,8c7a281a99224a5b9af99c4dcd98d68eea75926c)`	affected	code_commit	—
`[a49d25364dfb9f8a64037488a39ab1f56c5fa419,6f1ce75a75c65061e7a720c3d0ee5f8adab7a2d3)`	affected	code_commit	—
`[a49d25364dfb9f8a64037488a39ab1f56c5fa419,c7848b67ef10f581114b6a2f52b160fc20eb52c9)`	affected	code_commit	—
`[a49d25364dfb9f8a64037488a39ab1f56c5fa419,6850a439f8d23d4979624f1d6880d3118d473a28)`	affected	code_commit	—
`[a49d25364dfb9f8a64037488a39ab1f56c5fa419,2b7eb2c5dc72f0fc954ac4aa155f9e285e937f7c)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.12`	affected	generic	—
`[0,4.12)`	unaffected	generic	—
`[6.6.140,6.7.0)`	unaffected	semver	—
`[6.12.90,6.13.0)`	unaffected	semver	—
`[6.18.32,6.19.0)`	unaffected	semver	—
`[7.0.9,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a release that contains the atomisp patch that disables private IOCTLs.
Restrict permissions on /dev/atomisp* device nodes so that only privileged users can access them.
Configure the system to alert on abnormal ioctl usage to the atomisp device, setting thresholds for unexpected commands.

Generated by OpenCVE AI on June 10, 2026 at 18:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00141.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2b7eb2c5dc72f0fc954ac4aa155f9e285e937f7c
https://git.kernel.org/stable/c/51b8dc5163d2ff2bf04019f8bf7e3bd0e75bb654
https://git.kernel.org/stable/c/64e85679beafe082fc2e70a557ec356c7fd27548
https://git.kernel.org/stable/c/6850a439f8d23d4979624f1d6880d3118d473a28
https://git.kernel.org/stable/c/6f1ce75a75c65061e7a720c3d0ee5f8adab7a2d3
https://git.kernel.org/stable/c/8774f8cb661f57ae43cc3bc0509d16ef1f406e45
https://git.kernel.org/stable/c/8c7a281a99224a5b9af99c4dcd98d68eea75926c
https://git.kernel.org/stable/c/c7848b67ef10f581114b6a2f52b160fc20eb52c9
https://git.kernel.org/stable/c/ceb1b5f910e58986ea544ff8c9c2f23ae9a52414
https://lore.kernel.org/linux-cve-announce/2026052833-CVE-2026-46205-24bf@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46205
https://www.cve.org/CVERecord?id=CVE-2026-46205

History

Mon, 15 Jun 2026 10:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/51b8dc5163d2ff2bf04019f8bf7e3bd0e75bb654

Wed, 10 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Mon, 01 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/64e85679beafe082fc2e70a557ec356c7fd27548 https://git.kernel.org/stable/c/8774f8cb661f57ae43cc3bc0509d16ef1f406e45 https://git.kernel.org/stable/c/ceb1b5f910e58986ea544ff8c9c2f23ae9a52414

Sat, 30 May 2026 11:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 29 May 2026 04:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-269 CWE-732

Fri, 29 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-267
References		https://lore.kernel.org/linux-cve-announce/2026052833-CVE-2026-46205-24bf@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46205 https://www.cve.org/CVERecord?id=CVE-2026-46205

Thu, 28 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-269 CWE-732

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in the beginning of the function if cmd is non-zero in order to keep static checkers happy.
Title		staging: media: atomisp: Disallow all private IOCTLs
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2b7eb2c5dc72f0fc954ac4aa155f9e285e937f7c https://git.kernel.org/stable/c/6850a439f8d23d4979624f1d6880d3118d473a28 https://git.kernel.org/stable/c/6f1ce75a75c65061e7a720c3d0ee5f8adab7a2d3 https://git.kernel.org/stable/c/8c7a281a99224a5b9af99c4dcd98d68eea75926c https://git.kernel.org/stable/c/c7848b67ef10f581114b6a2f52b160fc20eb52c9

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:40:23.117Z

Updated: 2026-06-15T08:03:26.847Z

Reserved: 2026-05-13T15:03:33.105Z

Link: CVE-2026-46205

Vulnrichment

No data.

NVD

Status : Modified

Published: 2026-05-28T10:16:36.153

Modified: 2026-06-15T10:16:28.573

Link: CVE-2026-46205

Redhat

Severity :

Publid Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46205 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T18:30:36Z

Weaknesses

CWE-267
Privilege Defined With Unsafe Actions
NVD-CWE-noinfo

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object