U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2026-45994 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in command_file_write due to missing size checks The command_file_write() handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the buffer against the dot command protocol before passing it to get_dot_command_size() and get_dot_command_timeout(). Since both the allocation size (count) and the header fields (command_size, data_size) are independently user-controlled, an attacker can cause get_dot_command_size() to return a value exceeding the allocation, triggering OOB reads in get_dot_command_timeout() and an out-of-bounds memcpy_toio() that leaks kernel heap memory to the service processor. Fix with two guards: reject writes smaller than sizeof(struct dot_command_header) before allocation, then after copying user data reject commands where the buffer is smaller than the total size declared by the header (sizeof(header) + command_size + data_size). This ensures all subsequent header and payload field accesses stay within the buffer.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/0eb09f737428e482a32a2e31e5e223f2b35a71d3 kernel.org Patch 
https://git.kernel.org/stable/c/44ee19422aa82a6847594866de7e5a31e4ef98b3 kernel.org Patch 
https://git.kernel.org/stable/c/7b8a574da5d7ea99b943f7a3458a17a1d95e8838 kernel.org Patch 
https://git.kernel.org/stable/c/a672682d39dd34e2b5ba4feb436723bed65125ff kernel.org Patch 
https://git.kernel.org/stable/c/aefc1a97da17d8309974690c8a03e439a91ebb1c kernel.org Patch 
https://git.kernel.org/stable/c/d0fb4d1dc43f8d5179917a2daaa82680993d4cdf kernel.org Patch 
https://git.kernel.org/stable/c/d50e2019c9d7c433f56d9dff65703eb904aa1fb1 kernel.org Patch 
https://git.kernel.org/stable/c/ee5737891464030a189837467df3b81a273718ad kernel.org Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-125 Out-of-bounds Read cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2026-45994
NVD Published Date:
05/27/2026
NVD Last Modified:
06/16/2026
Source:
kernel.org