What is CVE-2026-46151?

CVE-2026-46151 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.12 onward and patched in 5.10.258, 5.15.209, 6.1.175 and others. CVE-2026-46151 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-46151?

CVE-2026-46151 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-46151?

Yes, CVE-2026-46151 has been patched. Fixed versions include 5.10.258, 5.15.209, 6.1.175 and others. If you are running Linux kernel 2.6.12 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-46151 actively exploited?

CVE-2026-46151 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblp_ctrl_msg() collapses the usb_control_msg() return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GET_DEVICE_ID control transfer short and the driver has no way to know. usblp_cache_device_id_string() reads the 2-byte big-endian length prefix from the response and trusts it (clamped only to the buffer bounds). The buffer is kmalloc(1024) at probe time. A device that sends exactly two bytes (e.g. 0x03 0xFF, claiming a 1023-byte ID) leaves device_id_string[2..1022] holding stale kmalloc heap. That stale data is then exposed: - via the ieee1284_id sysfs attribute (sprintf("%s", buf+2), truncated at the first NUL in the stale heap), and - via the IOCNR_GET_DEVICE_ID ioctl, which copy_to_user()s the full claimed length regardless of NULs, up to 1021 bytes of uninitialized heap, with the leak size chosen by the device. Fix this up by just zapping the buffer with zeros before each request sent to the device.

Package Linux Kernel

Published 2026-05-28

Last modified 2026-06-01

Patch available

Yes

Affected versions

Linux kernel versions 2.6.12 and later are affected. Fixed in 5.10.258, 5.15.209, 6.1.175, 6.6.140, 6.12.88, 6.18.30, 7.0.7, 7.1-rc3 and their respective stable series.

Affected from

≥ 2.6.12

Fixed in

✓ 5.10.258 5.10.x ✓ 5.15.209 5.15.x ✓ 6.1.175 6.1.x ✓ 6.6.140 6.6.x ✓ 6.12.88 6.12.x ✓ 6.18.30 6.18.x ✓ 7.0.7 7.0.x ✓ 7.1-rc3

References

The following references provide additional information about CVE-2026-46151 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/4220d4dd062ea3d3eb056a6cbe0b568e740d20b1
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4650cce898fcd0bb8c33e529984687a8caed10c3
Patch
Kernel patch commit
https://git.kernel.org/stable/c/522d17e93a85575256894212d10e5a1fa6f36529
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2026-46151?

CVE-2026-46151 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.12 onward and has been patched in 5.10.258, 5.15.209, 6.1.175 and others. CVE-2026-46151 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-46151?

Yes — CVE-2026-46151 has been patched. Fixed versions include 5.10.258, 5.15.209, 6.1.175 and others. If you are running Linux kernel 2.6.12 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-46151 actively exploited?

No — CVE-2026-46151 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.