CVE-2026-46332: greybus: gb-beagleplay: bound bootloader receive buffering
In the Linux kernel, the following vulnerability has been resolved:
greybus: gb-beagleplay: bound bootloader receive buffering
cc1352_bootloader_rx() appends each serdev chunk into the fixed rx_buffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may receive multiple packets in one callback, so a single count value is not constrained by one packet length.
Check that the incoming chunk fits in the remaining receive buffer space before memcpy(). If it does not, drop the staged data and consume the bytes instead of overflowing rx_buffer.
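A user-space C model of the bounded append described above, added here as an example; it is not the driver's code or the upstream patch. `RX_BUF_SIZE`, `struct bl_rx`, `bl_rx_chunk()`, `parse_one()` and the length-prefixed framing are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RX_BUF_SIZE 16 /* assumed size for this model, not the driver's value */

struct bl_rx {
    uint8_t rx_buffer[RX_BUF_SIZE];
    size_t rx_len;    /* leftover bytes staged by earlier callbacks */
    unsigned packets; /* complete packets parsed */
    unsigned drops;   /* times staged data was discarded */
};

/* Assumed framing: byte 0 is the total packet length (>= 2).
 * Returns bytes used from buf, or 0 if the packet is still incomplete. */
static size_t parse_one(struct bl_rx *rx, const uint8_t *buf, size_t len)
{
    if (buf[0] < 2)
        return len;           /* malformed length: discard what is staged */
    if (len < buf[0])
        return 0;             /* wait for more bytes */
    rx->packets++;
    return buf[0];
}

/* Receive callback model: always reports all `count` bytes as consumed. */
size_t bl_rx_chunk(struct bl_rx *rx, const uint8_t *data, size_t count)
{
    size_t off = 0, used;

    /* The check: compare against the space left, not against one packet.
     * rx_len <= RX_BUF_SIZE always holds, so the subtraction cannot wrap. */
    if (count > RX_BUF_SIZE - rx->rx_len) {
        rx->rx_len = 0;       /* drop staged data ... */
        rx->drops++;
        return count;         /* ... and consume the bytes */
    }
    memcpy(rx->rx_buffer + rx->rx_len, data, count);
    rx->rx_len += count;

    /* Several packets may arrive in one callback; keep any partial tail. */
    while (off < rx->rx_len &&
           (used = parse_one(rx, rx->rx_buffer + off, rx->rx_len - off)) > 0)
        off += used;
    memmove(rx->rx_buffer, rx->rx_buffer + off, rx->rx_len - off);
    rx->rx_len -= off;
    return count;
}
```

Without the space check, a packet whose declared length never completes leaves bytes staged, and the next chunk is copied past the end of `rx_buffer`.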
Metrics
- CVSS v3.1: 8.0
- Severity: HIGH
- Fixed in: 0
- Affected Products: 2
HarborGuard Analysis
Synopsis
A buffer overflow vulnerability exists in the Linux kernel's greybus gb-beagleplay driver, specifically in the bootloader receive path. The flaw is reachable from an adjacent network (such as a LAN or VPN segment) without authentication, but requires a victim to interact with the affected system. Successful exploitation gives an attacker full read, write, and crash capability over the affected host. Patched-image rebuilds at versions 6.12.86 and 6.18.27 are available on HarborGuard for environments running an affected kernel version.
HarborGuard Coverage
Detection of CVE-2026-46332 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all images in customer registries and CI/CD pipelines, including custom-built images that carry an affected kernel version. (Available)
HarborGuard scores this CVE at CVSS 8.0 (HIGH) and weights it against each environment's compliance policy to determine urgency and routing. Findings are surfaced to the appropriate team inbox within each customer organization based on configured ownership rules. (Available)
A patched-image rebuild at kernel versions 6.12.86 and 6.18.27 is available on HarborGuard for environments running an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically. (Available)
Exploit Conditions
- Network reachability: Detail
  The vulnerable service must be reachable from an adjacent network such as a local LAN, Wi-Fi segment, or VPN; remote internet-based exploitation is not directly possible.
- Authentication: Not required
  No credentials or account are needed; an unauthenticated attacker on the adjacent network can send malformed bootloader data to the driver.
- Victim interaction: Required
  A user on the target system must perform some action (such as initiating or accepting a connection) for the exploit to trigger the vulnerable receive path.
- Attack complexity: Detail
  The exploit is reliable and condition-free once the attacker is on the adjacent network; no race conditions or special environmental factors are required.
Blast Radius
- An attacker can overflow the rx_buffer and read sensitive kernel memory, including credentials or session material held in adjacent allocations.
- An attacker can corrupt kernel memory structures, modifying persisted state or hijacking kernel control flow.
- An attacker can crash the affected service or the entire kernel, causing a denial of service on the host.
- Combined memory corruption primitives make remote code execution within the kernel context a realistic outcome of successful exploitation.
How HarborGuard Handles This
Available on HarborGuard: detection fires within minutes of CVE publication for any image carrying an affected Linux kernel version, covering both official base images and custom-built images. For environments where the kernel version can be confirmed via image metadata, HarborGuard surfaces the finding with a CVSS 8.0 HIGH severity rating and routes it according to each org's compliance policy. Patched-image rebuilds at 6.12.86 and 6.18.27 are available immediately. For customers who opt into auto-remediation, HarborGuard rebuilds the affected image at the fix version, runs a regression test suite, and opens a pull request against affected workloads; for HIGH-severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where auto-remediation is not permitted by compliance policy, HarborGuard flags the finding for manual review and provides the exact fix-version targets needed to guide an upgrade.
Fix available
- Linux / Linux: < 663c2728a6d0f781044431111b53a27f71027e48 (from 0cf7befa3ea2e7284d8ba5b8f45a546865b09edb) · < fb91d4e49fcbea0b5091394ac5b8f7d4124265c3 (from 0cf7befa3ea2e7284d8ba5b8f45a546865b09edb) · < 0339a746ff7cd3f9d10f565e89c99dc93191e58d (from 0cf7befa3ea2e7284d8ba5b8f45a546865b09edb) · < 1214bf28965ceaf584fb20d357731264dd2e10e1 (from 0cf7befa3ea2e7284d8ba5b8f45a546865b09edb)
- Linux / Linux 6.12 · Fixed in 0, 6.12.86, 6.18.27, 7.0.4, 7.1-rc1
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H