{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-46332/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-14T04:30:30.392Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-46332","@id":"https://www.cve.org/CVERecord?id=CVE-2026-46332","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: gb-beagleplay: bound bootloader receive buffering\n\ncc1352_bootloader_rx() appends each serdev chunk into the fixed\nrx_buffer before parsing bootloader packets. The helper can keep\nleftover bytes between callbacks and may receive multiple packets in one\ncallback, so a single count value is not constrained by one packet\nlength.\n\nCheck that the incoming chunk fits in the remaining receive buffer space\nbefore memcpy(). If "},"products":[{"@id":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:linux:linux:6.12:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:6.12:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 0, 0339a746ff7cd3f9d10f565e89c99dc93191e58d, 1214bf28965ceaf584fb20d357731264dd2e10e1, 6.12.86, 6.18.27, 663c2728a6d0f781044431111b53a27f71027e48, 7.0.4, 7.1-rc1, fb91d4e49fcbea0b5091394ac5b8f7d4124265c3.","timestamp":"2026-06-14T04:30:30.392Z"}]}