CVE & CISA-KEV Catalog

CVE-2026-46294

UNSCORED

Description

In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing Tony Asleson (using Claude) found a buffer overflow in dm-ioctl in the function retrieve_status: 1. The code in retrieve_status checks that the output string fits into the output buffer and writes the output string there 2. Then, the code aligns the "outptr" variable to the next 8-byte boundary: outptr = align_ptr(outptr); 3. The alignment doesn't check overflow, so outptr could point past the buffer end 4. The "for" loop is iterated again, it executes: remaining = len - (outptr - outbuf); 5. If "outptr" points past "outbuf + len", the arithmetics wraps around and the variable "remaining" contains unusually high number 6. With "remaining" being high, the code writes more data past the end of the buffer Luckily, this bug has no security implications because: 1. Only root can issue device mapper ioctls 2. The commonly used libraries that communicate with device mapper (libdevmapper and devicemapper-rs) use buffer size that is aligned to 8 bytes - thus, "outptr = align_ptr(outptr)" can't overshoot the input buffer and the bug can't happen accidentally

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.259-1CVE-2026-46294
Fixed in:6.1.176-1CVE-2026-46294
Fixed in:6.12.88-1CVE-2026-46294
Fixed in:7.0.7-1CVE-2026-46294

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

0.19%probability of exploitation in 30 days
9thpercentile

Low risk: more likely to be exploited than 9% of all known CVEs.

References

Embed a live status badge for CVE-2026-46294
CVE-2026-46294 severity badge

Markdown

[![CVE-2026-46294](https://tridentstack.com/cve/badge/CVE-2026-46294.svg)](https://tridentstack.com/cve/CVE-2026-46294)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-46294"><img src="https://tridentstack.com/cve/badge/CVE-2026-46294.svg" alt="CVE-2026-46294"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-17.