Description
In the Linux kernel, the following vulnerability has been resolved:

greybus: gb-beagleplay: bound bootloader receive buffering

cc1352_bootloader_rx() appends each serdev chunk into the fixed
rx_buffer before parsing bootloader packets. The helper can keep
leftover bytes between callbacks and may receive multiple packets in one
callback, so a single count value is not constrained by one packet
length.

Check that the incoming chunk fits in the remaining receive buffer space
before memcpy(). If it does not, drop the staged data and consume the
bytes instead of overflowing rx_buffer.
Published: 2026-06-09
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The kernel's greybus module incorrectly concatenates incoming serial device data into a fixed‑size receive buffer without checking that the combined length fits the buffer. This flaw could allow attackers to overflow the buffer, leading to arbitrary memory corruption or code execution. The vulnerability was addressed by adding bounds checks before copying data.

Affected Systems

The issue affects Linux kernel builds that include the greybus driver, which is used on BeaglePlay and similar devices. No specific kernel versions are listed, but any kernel that incorporates the buggy cc1352_bootloader_rx implementation is susceptible.

Risk and Exploitability

The defect is a classic buffer overflow (CWE‑120). The exploit requires the ability to send crafted data over the bootloader UART interface, which could be via local physical access or compromised firmware control. No public exploit has been reported and the EPSS score is not available, so the likelihood of exploitation remains uncertain. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 9, 2026 at 14:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that contains the fixed bounds-check in cc1352_bootloader_rx.
  • Reboot to ensure the updated kernel is active.
  • If immediate updating is not possible, unload the greybus module or restrict access to the UART bootloader interface to trusted users.

Generated by OpenCVE AI on June 9, 2026 at 14:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References

Tue, 09 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352_bootloader_rx() appends each serdev chunk into the fixed rx_buffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may receive multiple packets in one callback, so a single count value is not constrained by one packet length. Check that the incoming chunk fits in the remaining receive buffer space before memcpy(). If it does not, drop the staged data and consume the bytes instead of overflowing rx_buffer.
Title greybus: gb-beagleplay: bound bootloader receive buffering
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-09T12:36:00.450Z

Reserved: 2026-05-13T15:03:33.113Z

Link: CVE-2026-46332

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T14:16:42.817

Modified: 2026-06-09T14:16:42.817

Link: CVE-2026-46332

cve-icon Redhat

Severity :

Publid Date: 2026-06-09T00:00:00Z

Links: CVE-2026-46332 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T15:00:07Z

Weaknesses