Description
In the Linux kernel, the following vulnerability has been resolved:

leds: qcom-lpg: Check for array overflow when selecting the high resolution

When selecting the high resolution values from the array, FIELD_GET() is
used to pull from a 3 bit register, yet the array being indexed has only
5 values in it. Odds are the hardware is sane, but just to be safe,
properly check before just overflowing and reading random data and then
setting up chip values based on that.
Published: 2026-06-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel’s qcom‑lpg LED driver, a mismatch occurs between the three‑bit register read via FIELD_GET and the five‑element array that is indexed without bounds checking. This flaw can cause the driver to read past the array, configuring the chip with arbitrary data and potentially corrupting system state or destabilizing the device.
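The mismatch between a 3-bit selector and a 5-entry table, and the bounds check that closes it, as an added example that is not the kernel's own code. The names, the field position and the table values are hypothetical and constructed for illustration.

```c
/* Added illustration: hypothetical names and values, not the qcom-lpg source. */
#include <stddef.h>
#include <stdint.h>
#include <errno.h>

#define ARRAY_SIZE(a)  (sizeof(a) / sizeof((a)[0]))
#define SEL_MASK       0x70u  /* assumed 3-bit field: encodes selectors 0..7 */
#define SEL_SHIFT      4

/* Constructed 5-entry table; the 3-bit selector can address 8 slots. */
static const unsigned int hi_res_table[] = { 10, 20, 30, 40, 50 };

/* Stand-in for the kernel's FIELD_GET(): mask, then shift down. */
static unsigned int field_get(uint32_t mask, unsigned int shift, uint32_t reg)
{
	return (reg & mask) >> shift;
}

/*
 * Look up the table entry selected by a raw register value.
 * Returns 0 and stores the entry in *out, or -EINVAL when the
 * selector lies outside the table (selectors 5, 6 and 7 here).
 */
static int select_hi_res(uint32_t reg, unsigned int *out)
{
	unsigned int idx = field_get(SEL_MASK, SEL_SHIFT, reg);

	/* Without this check, idx 5..7 would read past the array. */
	if (idx >= ARRAY_SIZE(hi_res_table))
		return -EINVAL;

	*out = hi_res_table[idx];
	return 0;
}

/* Count how many of the 8 encodable selectors the check rejects. */
static unsigned int count_rejected_selectors(void)
{
	unsigned int sel, v, rejected = 0;

	for (sel = 0; sel <= (SEL_MASK >> SEL_SHIFT); sel++)
		if (select_hi_res((uint32_t)sel << SEL_SHIFT, &v) != 0)
			rejected++;
	return rejected;
}
```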

Affected Systems

All Linux kernel installations that include the unpatched qcom‑lpg LED driver are affected. The vulnerability applies to any kernel version containing the buggy source, regardless of vendor, and the advisory does not specify particular affected releases.

Risk and Exploitability

The CVSS score is not provided and EPSS data is unavailable, showing no public exploitation data. The flaw does not require special privileges beyond local execution. It is inferred that a local attacker could trigger the high‑resolution function with crafted input, leading to memory corruption, device instability, or denial of service. Because the kernel context is privileged, this could elevate the impact of a local attack. The vulnerability is not listed in CISA KEV, indicating no known widely used exploit.

Generated by OpenCVE AI on June 8, 2026 at 19:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel patch that fixes the qcom‑lpg array‑overflow bug
  • Unload or blacklist the qcom‑lpg LED driver module if a kernel upgrade cannot be performed
  • Monitor kernel logs for LED driver failures or crashes that may indicate attempts to exploit the vulnerability

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 17:00:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELD_GET() is used to pull from a 3 bit register, yet the array being indexed has only 5 values in it. Odds are the hardware is sane, but just to be safe, properly check before just overflowing and reading random data and then setting up chip values based on that.
Title | | leds: qcom-lpg: Check for array overflow when selecting the high resolution
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-09T07:37:26.278Z

Reserved: 2026-05-13T15:03:33.110Z

Link: CVE-2026-46286

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T17:16:46.627

Modified: 2026-06-08T17:16:46.627

Link: CVE-2026-46286

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T19:30:06Z

Weaknesses

No weakness.