Description
In the Linux kernel, the following vulnerability has been resolved:

leds: qcom-lpg: Check for array overflow when selecting the high resolution

When selecting the high resolution values from the array, FIELD_GET() is
used to pull from a 3 bit register, yet the array being indexed has only
5 values in it. Odds are the hardware is sane, but just to be safe,
properly check before just overflowing and reading random data and then
setting up chip values based on that.
Published: 2026-06-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE description reports that when selecting high resolution values in the qcom-lpg LED driver, a 3‑bit register value is read with FIELD_GET and used to index a 5‑element array. Because the array contains fewer elements than the index space, an overflow can occur and the driver may read beyond the bounds of the array, resulting in memory corruption or improper configuration of the LED hardware. The vulnerability is confined to the kernel driver and does not describe any additional impact beyond memory corruption.

Affected Systems

All Linux kernel builds that include the qcom‑lpg LED driver are affected. No specific version ranges are given, so any kernel containing the unpatched source code is potentially vulnerable.

Risk and Exploitability

The EPSS score is reported as <1%, indicating a very low probability that exploitation will occur. The CVE is not listed in the CISA KEV catalog, and no public CVSS score is available. The likely attack vector is local: an attacker with access to the system would need to trigger the high‑resolution routine in the driver to exploit the array overflow, which could corrupt kernel memory. No explicit statement about privilege escalation or other secondary effects is provided in the advisory.

Generated by OpenCVE AI on June 18, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel patch that includes the fix for the qcom‑lpg array‑overflow bug
  • If patching is not possible, unload or disable the qcom‑lpg LED driver module until a fixed kernel version is available
  • Monitor kernel logs (e.g., dmesg, syslog) for unexpected LED driver errors or crashes that may indicate attempts to exploit the vulnerability

Generated by OpenCVE AI on June 18, 2026 at 15:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 12:15:00 +0000


Mon, 08 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELD_GET() is used to pull from a 3 bit register, yet the array being indexed has only 5 values in it. Odds are the hardware is sane, but just to be safe, properly check before just overflowing and reading random data and then setting up chip values based on that.
Title leds: qcom-lpg: Check for array overflow when selecting the high resolution
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:06:28.805Z

Reserved: 2026-05-13T15:03:33.110Z

Link: CVE-2026-46286

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T17:16:46.627

Modified: 2026-06-08T17:16:46.627

Link: CVE-2026-46286

cve-icon Redhat

Severity :

Publid Date: 2026-06-08T00:00:00Z

Links: CVE-2026-46286 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T15:15:03Z

Weaknesses