USB Request Structure Vulnerability in Linux Kernel
CVE-2026-46091

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-46091?

A vulnerability exists in the Linux kernel related to the USB request structure, specifically in the context of Direct Memory Access (DMA) operations. The issue arises in the igorplugusb driver, where the control request must adhere to DMA coherency rules. Failure to comply can lead to inconsistencies in data transfer, potentially allowing unauthorized access or modification of memory. To mitigate this, it is crucial to allocate the USB request structure separately to ensure safe DMA operations.

Affected Version(s)

Linux b1c97193c6437a6083da67f8e97c8ee29b2f1989 < 18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a

Linux b1c97193c6437a6083da67f8e97c8ee29b2f1989 < 0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc

Linux b1c97193c6437a6083da67f8e97c8ee29b2f1989 < 0adac0ee2c42027d80bac02ea9b576a88f8955d3

References

https://git.kernel.org/stable/c/18d6a7c9e4e63c57157e9a57d...

https://git.kernel.org/stable/c/0be8fcd9005e3d3b5a61fe34b...

https://git.kernel.org/stable/c/0adac0ee2c42027d80bac02ea...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46091 Data

JSON