CVE-2026-46286

EUVD-2026-35151

08.06.2026, 17:16

In the Linux kernel, the following vulnerability has been resolved:

leds: qcom-lpg: Check for array overflow when selecting the high resolution

When selecting the high resolution values from the array, FIELD_GET() is
used to pull from a 3 bit register, yet the array being indexed has only
5 values in it. Odds are the hardware is sane, but just to be safe,
properly check before just overflowing and reading random data and then
setting up chip values based on that.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.174-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.257-1 fixed
forky	7.0.10-1 fixed
sid	7.0.10-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.90-2 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder nicht bekannte Auswirkungen zu erzielen.
Published: 2026-06-08T22:00:00+00:00

References

https://git.kernel.org/stable/c/28a2e047d03721e0517c67ee726eaa6621c30e5f

https://git.kernel.org/stable/c/36ce3094dc50598f38fd961b46688cd533940efc

https://git.kernel.org/stable/c/438e357b3cc6cd6900df271e4bc567bfe1142281

https://git.kernel.org/stable/c/d45963a93c1495e9f1338fde91d0ebba8fd22474

https://git.kernel.org/stable/c/f67a24e75d3251ba42538738120b6b659c0dca7d