DEBIAN-CVE-2026-46034

Source
https://security-tracker.debian.org/tracker/CVE-2026-46034
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-46034.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2026-46034
Upstream
Published
2026-05-27T14:17:22.463Z
Modified
2026-06-17T17:00:31.409193272Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in vfiocdxsetmsitrigger(). Without this check, userspace can trigger a NULL pointer dereference by calling VFIODEVICESETIRQS with VFIOIRQSETDATABOOL or VFIOIRQSETDATANONE flags before ever setting up interrupts via VFIOIRQSETDATAEVENTFD. The vfiocdxmsienable() function allocates the cdxirqs array and sets configmsi to 1 only when called through the EVENTFD path. The trigger loop (for DATABOOL/DATANONE) assumed this had already been done, but there was no enforcement of this call ordering. This matches the protection used in the PCI VFIO driver where vfiopcisetmsitrigger() checks irqis() before the trigger loop.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source&distro=trixie

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.86-1

Affected versions

6.*
6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1
6.12.48-1
6.12.57-1~bpo12+1
6.12.57-1
6.12.63-1~bpo12+1
6.12.63-1
6.12.69-1~bpo12+1
6.12.69-1
6.12.73-1~bpo12+1
6.12.73-1
6.12.74-1
6.12.74-2~bpo12+1
6.12.74-2
6.12.85-1~bpo12+1
6.12.85-1
6.12.86-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-46034.json"

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source&distro=forky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0.4-1

Affected versions

6.*
6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1
6.12.48-1
6.12.57-1~bpo12+1
6.12.57-1
6.12.63-1~bpo12+1
6.12.63-1
6.12.69-1~bpo12+1
6.12.69-1
6.12.73-1~bpo12+1
6.12.73-1
6.12.74-1
6.12.74-2~bpo12+1
6.12.74-2
6.12.85-1~bpo12+1
6.12.85-1
6.12.86-1~bpo12+1
6.12.86-1
6.12.88-1~bpo12+1
6.12.88-1
6.12.90-1~bpo12+1
6.12.90-1
6.12.90-2~bpo12+1
6.12.90-2
6.13~rc6-1~exp1
6.13~rc7-1~exp1
6.13.2-1~exp1
6.13.3-1~exp1
6.13.4-1~exp1
6.13.5-1~exp1
6.13.6-1~exp1
6.13.7-1~exp1
6.13.8-1~exp1
6.13.9-1~exp1
6.13.10-1~exp1
6.13.11-1~exp1
6.14.3-1~exp1
6.14.5-1~exp1
6.14.6-1~exp1
6.15~rc7-1~exp1
6.15-1~exp1
6.15.1-1~exp1
6.15.2-1~exp1
6.15.3-1~exp1
6.15.4-1~exp1
6.15.5-1~exp1
6.15.6-1~exp1
6.16~rc7-1~exp1
6.16-1~exp1
6.16.1-1~exp1
6.16.3-1~bpo13+1
6.16.3-1
6.16.5-1
6.16.6-1
6.16.7-1
6.16.8-1
6.16.9-1
6.16.10-1
6.16.11-1
6.16.12-1~bpo13+1
6.16.12-1
6.16.12-2
6.17.2-1~exp1
6.17.5-1~exp1
6.17.6-1
6.17.7-1
6.17.7-2
6.17.8-1~bpo13+1
6.17.8-1
6.17.9-1
6.17.10-1
6.17.11-1
6.17.12-1
6.17.13-1~bpo13+1
6.17.13-1
6.18~rc4-1~exp1
6.18~rc4-1~exp2
6.18~rc5-1~exp1
6.18~rc6-1~exp1
6.18~rc7-1~exp1
6.18.1-1~exp1
6.18.2-1~exp1
6.18.3-1
6.18.5-1~bpo13+1
6.18.5-1
6.18.8-1
6.18.9-1~bpo13+1
6.18.9-1
6.18.10-1
6.18.12-1~bpo13+1
6.18.12-1
6.18.13-1
6.18.14-1
6.18.15-1~bpo13+1
6.18.15-1
6.19~rc4-1~exp1
6.19~rc5-1~exp1
6.19~rc6-1~exp1
6.19~rc7-1~exp1
6.19~rc8-1~exp1
6.19-1~exp1
6.19.2-1~exp1
6.19.3-1~exp1
6.19.4-1~exp1
6.19.5-1~exp1
6.19.6-1
6.19.6-2~bpo13+1
6.19.6-2
6.19.8-1~bpo13+1
6.19.8-1
6.19.10-1~bpo13+1
6.19.10-1
6.19.11-1~bpo13+1
6.19.11-1
6.19.12-1
6.19.13-1~bpo13+1
6.19.13-1
6.19.14-1~bpo13+1
6.19.14-1
7.*
7.0-1~exp1
7.0.1-1~exp1
7.0.3-1
7.0.4-1~bpo13+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-46034.json"