HIGH · CVE-2026-46326 · CNA: Linux

CVE-2026-46326: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation

In the Linux kernel, the following vulnerability has been resolved:

iio: pressure: mprls0025pa: fix spi_transfer struct initialisation

Make sure that the spi_transfer struct is zeroed out before use.

Metrics

CVSS v3.1: 8.4
Severity: HIGH
Fixed in: 0
Affected Products: 2

HarborGuard Analysis

Synopsis

An uninitialized-memory vulnerability affects the Linux kernel's IIO pressure sensor driver (mprls0025pa) for SPI-connected devices. The flaw is reachable locally, requires no authentication, and affects kernel versions prior to the fixed commits across the 6.12, 6.18, and 6.19 stable series. Successful exploitation gives an attacker full read, write, and crash capability over the affected kernel subsystem. Patched-image rebuilds at the fixed kernel versions (6.12.75, 6.18.14, 6.19.4) are available on HarborGuard for environments running an affected image.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle an affected kernel version.

Triage: Available

HarborGuard scores this CVE at CVSS 8.4 (HIGH) and is capable of weighting that score against each customer organization's compliance policy to determine urgency. Triage alerts are routable to the appropriate team inbox within each customer org based on configured ownership rules.

Patch: Available

A patched-image rebuild against the fixed kernel versions (6.12.75, 6.18.14, or 6.19.4, depending on the branch in use) is available on HarborGuard for environments running an affected version. For customers who opt into auto-remediation, HarborGuard can perform the rebuild, run a regression test suite, and open a PR against affected workloads automatically.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network access to the target is required.

  • Authentication: Not required

    No credentials or account privileges are needed to trigger the vulnerability.

  • Victim interaction: Not required

    Exploitation is fully attacker-driven and does not require any action from another user or process.

  • Attack complexity: Detail

    The exploit is reliable and condition-free; no race conditions or special environmental factors are required.

Blast Radius

  • Reads sensitive kernel memory, which may expose cryptographic material, credentials, or other process data held in kernel space.
  • Writes to kernel memory structures, enabling privilege escalation or arbitrary code execution within the kernel context.
  • Crashes the affected kernel subsystem or the entire host, causing a full denial of service for all workloads on that node.
  • Any container sharing the host kernel is exposed, meaning a compromise is not limited to a single workload or namespace.

How HarborGuard Handles This

Available on HarborGuard: detection fires within minutes of CVE publication for any image in a customer registry or pipeline that packages an affected Linux kernel version, including custom base images. Where compliance policy permits, HarborGuard can rebuild affected images against the patched kernel releases (6.12.75, 6.18.14, or 6.19.4) and, for customers with auto-remediation enabled, will open a regression-tested PR against affected workloads automatically. Median time from CVE publication to merged patch PR for HIGH-severity issues is around 90 minutes for environments with auto-remediation enabled. Customers who cannot immediately rebuild should consider isolating affected nodes with network policy controls and restricting local shell access to reduce the attacker footprint while a rebuild is prepared.

Fix available

0, 1e0ac56c92e26115cbc8cfc639843725cb3a7d6a, 6.12.75, 6.18.14, 6.19.4, 664ffdf34c01810085e4d85508b361c3fdd2ab40, 7.0, 72158f9ae29a9e56d0f9704ce461a866feaf9925, 9080c7ac30f5f8f8fcb7b27b56df60fea7909c21

Affected packages
  • Linux / Linux
    < 72158f9ae29a9e56d0f9704ce461a866feaf9925 (from a0858f0cd28e822b91376ae288d5548bc1847531) · < 664ffdf34c01810085e4d85508b361c3fdd2ab40 (from a0858f0cd28e822b91376ae288d5548bc1847531) · < 9080c7ac30f5f8f8fcb7b27b56df60fea7909c21 (from a0858f0cd28e822b91376ae288d5548bc1847531) · < 1e0ac56c92e26115cbc8cfc639843725cb3a7d6a (from a0858f0cd28e822b91376ae288d5548bc1847531)
  • Linux / Linux
    6.9
    Fixed in 0, 6.12.75, 6.18.14, 6.19.4, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H