CVE-2026-46177— Linux kernel 安全漏洞
Possible ATT&CK Techniques 1AI
T1496 · Resource HijackingAffected Version Matrix 12
| ベンダー | プロダクト | Version Range | ステータス |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 67c44e0deba936d5edaebea356b4589eb43acb5c | affected |
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< e20212b431bef217d3886b86bbc90cc3ed00de68 | affected | ||
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 3d37d2165df9504ea99d9e6181552dc4d2d1ab37 | affected | ||
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< c024167fb00489baee08c72182ca2e7dc5fb9f20 | affected | ||
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< c4cca236968683eb0d59abfb12d5c7e4d8514227 | affected | ||
2.6.12 | affected | ||
< 2.6.12 | unaffected | ||
6.6.140≤ 6.6.* | unaffected | ||
| … +4 more rows | |||
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2026-46177の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
ipmi: Add limits to event and receive message requests
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: ipmi: Add limits to event and receive message requests The driver would just fetch events and receive messages until the BMC said it was done. To avoid issues with BMCs that never say they are done, add a limit of 10 fetches at a time. In addition, an si interface has an attn state it can return from the hardware which is supposed to cause a flag fetch to see if the driver needs to fetch events or message or a few other things. If the attn bit gets stuck, it's a similar problem. So allow messages in between flag fetches so the driver itself doesn't get stuck. This is a more general fix than the previous fix for the specific bad BMC, but should fix the more general issue of a BMC that won't stop saying it has data. This has been there from the beginning of the driver. It's not a bug per-se, but it is accounting for bugs in BMCs.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于ipmi事件和接收消息请求未限制,可能导致BMC无限获取数据。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2026-46177の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2026-46177のインテリジェンス情報
请登录查看更多情报信息。
CVE-2026-46177 补丁与修复 (5)
Same Patch Batch · Linux · 2026-05-28 · 138 CVEs total
| CVE-2026-46135 | 9.8 CRITICAL | nvmet-tcp: fix race between ICReq handling and queue teardown |
| CVE-2026-46137 | 9.8 CRITICAL | mptcp: pm: ADD_ADDR rtx: fix potential data-race |
| CVE-2026-46195 | 9.8 CRITICAL | smb: client: validate dacloffset before building DACL pointers |
| CVE-2026-46115 | 9.8 CRITICAL | block: add pgmap check to biovec_phys_mergeable |
| CVE-2026-46119 | 9.1 CRITICAL | libceph: Fix slab-out-of-bounds access in auth message processing |
| CVE-2026-46185 | 9.1 CRITICAL | smb/client: fix out-of-bounds read in symlink_data() |
| CVE-2026-46155 | 9.1 CRITICAL | smb/client: fix out-of-bounds read in smb2_compound_op() |
| CVE-2026-46166 | 8.8 HIGH | wifi: mac80211: use safe list iteration in radar detect work |
| CVE-2026-46174 | 8.8 HIGH | x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache |
| CVE-2026-46125 | 8.8 HIGH | wifi: mac80211: remove station if connection prep fails |
| CVE-2026-46238 | 8.8 HIGH | batman-adv: stop caching unowned originator pointers in BAT IV |
| CVE-2026-46152 | 8.8 HIGH | wifi: mac80211: drop stray 'static' from fast-RX rx_result |
| CVE-2026-46212 | 8.8 HIGH | batman-adv: bla: prevent use-after-free when deleting claims |
| CVE-2026-46113 | 8.8 HIGH | KVM: x86: Fix shadow paging use-after-free due to unexpected GFN |
| CVE-2026-46198 | 8.8 HIGH | batman-adv: fix integer overflow on buff_pos |
| CVE-2026-46138 | 8.1 HIGH | Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt |
| CVE-2026-46232 | 8.1 HIGH | HID: playstation: Clamp num_touch_reports |
| CVE-2026-46201 | 7.8 HIGH | drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() |
| CVE-2026-46181 | 7.8 HIGH | RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() |
| CVE-2026-46145 | 7.8 HIGH | RDMA/mana: Validate rx_hash_key_len |
Showing 20 of 138 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Linux
- CVE-2026-46242
eventpoll: fix ep_remove struct eventpoll / struct file UAF - CVE-2026-46241
spi: mpc52xx: fix use-after-free on registration failure - CVE-2026-46239
media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl - CVE-2026-46240
media: iris: Fix use-after-free in iris_release_internal_buf - CVE-2026-46238
batman-adv: stop caching unowned originator pointers in BAT
同じベンダー: Linux
- CVE-2026-46242
eventpoll: fix ep_remove struct eventpoll / struct file UAF - CVE-2026-46241
spi: mpc52xx: fix use-after-free on registration failure - CVE-2026-46239
media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl - CVE-2026-46240
media: iris: Fix use-after-free in iris_release_internal_buf - CVE-2026-46238
batman-adv: stop caching unowned originator pointers in BAT
V. CVE-2026-46177へのコメント
まだコメントはありません