{"api_version":"1","generated_at":"2026-06-09T18:09:10+00:00","cve":"CVE-2026-46278","urls":{"html":"https://cve.report/CVE-2026-46278","api":"https://cve.report/api/cve/CVE-2026-46278.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-46278","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-46278"},"summary":{"title":"drm/imagination: Fix segfault when updating ftrace mask","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Fix segfault when updating ftrace mask\n\nFix invalid data access by passing right data for debugfs entry.\n\n[  171.549793] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[  171.559248] Mem abort info:\n[  171.562173]   ESR = 0x0000000096000044\n[  171.566227]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  171.573108]   SET = 0, FnV = 0\n[  171.576448]   EA = 0, S1PTW = 0\n[  171.579745]   FSC = 0x04: level 0 translation fault\n[  171.584760] Data abort info:\n[  171.588012]   ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000\n[  171.593734]   CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n[  171.598962]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  171.604471] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000083837000\n[  171.611358] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[  171.618500] Internal error: Oops: 0000000096000044 [#1]  SMP\n[  171.624222] Modules linked in: powervr drm_shmem_helper drm_gpuvm...\n[  171.656580] CPU: 0 UID: 0 PID: 549 Comm: bash Not tainted 7.0.0-rc2-g730b257ba723-dirty #13 PREEMPT\n[  171.665773] Hardware name: BeagleBoard.org BeaglePlay (DT)\n[  171.671296] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  171.678306] pc : pvr_fw_trace_mask_set+0x78/0x154 [powervr]\n[  171.683959] lr : pvr_fw_trace_mask_set+0x4c/0x154 [powervr]\n[  171.689593] sp : ffff8000835ebb90\n[  171.692929] x29: ffff8000835ebc00 x28: ffff000005c60f80 x27: 0000000000000000\n[  171.700130] x26: 0000000000000000 x25: ffff00000504af28 x24: 0000000000000000\n[  171.707324] x23: ffff00000504af50 x22: 0000000000000203 x21: 0000000000000000\n[  171.714518] x20: ffff000005c44a80 x19: ffff000005c457b8 x18: 0000000000000000\n[  171.721715] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaae8887580\n[  171.728908] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000835ebc30\n[  171.736095] x11: ffff00000504af2a x10: ffff00008504af29 x9 : 0fffffffffffffff\n[  171.743286] x8 : ffff8000835ebbf8 x7 : 0000000000000000 x6 : 000000000000002a\n[  171.750479] x5 : ffff00000504af2e x4 : 0000000000000000 x3 : 0000000000000010\n[  171.757674] x2 : 0000000000000203 x1 : 0000000000000000 x0 : ffff8000835ebba0\n[  171.764871] Call trace:\n[  171.767342]  pvr_fw_trace_mask_set+0x78/0x154 [powervr] (P)\n[  171.772984]  simple_attr_write_xsigned.isra.0+0xe0/0x19c\n[  171.778341]  simple_attr_write+0x18/0x24\n[  171.782296]  debugfs_attr_write+0x50/0x98\n[  171.786341]  full_proxy_write+0x6c/0xa8\n[  171.790208]  vfs_write+0xd4/0x350\n[  171.793561]  ksys_write+0x70/0x108\n[  171.796995]  __arm64_sys_write+0x1c/0x28\n[  171.800952]  invoke_syscall+0x48/0x10c\n[  171.804740]  el0_svc_common.constprop.0+0x40/0xe0\n[  171.809487]  do_el0_svc+0x1c/0x28\n[  171.812834]  el0_svc+0x34/0x108\n[  171.816013]  el0t_64_sync_handler+0xa0/0xe4\n[  171.820237]  el0t_64_sync+0x198/0x19c\n[  171.823939] Code: 32000262 b90ac293 1a931056 9134e293 (b9000036)\n[  171.830073] ---[ end trace 0000000000000000 ]---","state":"PUBLISHED","assigner":"Linux","published_at":"2026-06-08 17:16:45","updated_at":"2026-06-08 17:16:45"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/5dfd429591f8d7185bf63a08b5c30863fb605611","name":"https://git.kernel.org/stable/c/5dfd429591f8d7185bf63a08b5c30863fb605611","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/ba422758981b61585c7da6429f50ef1c58d326f7","name":"https://git.kernel.org/stable/c/ba422758981b61585c7da6429f50ef1c58d326f7","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46278","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46278","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a331631496a0af9a6f4e7e1860983afd8b1bb013 ba422758981b61585c7da6429f50ef1c58d326f7 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a331631496a0af9a6f4e7e1860983afd8b1bb013 5dfd429591f8d7185bf63a08b5c30863fb605611 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7.0","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0.4 7.0.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.1-rc2 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/gpu/drm/imagination/pvr_fw_trace.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"ba422758981b61585c7da6429f50ef1c58d326f7","status":"affected","version":"a331631496a0af9a6f4e7e1860983afd8b1bb013","versionType":"git"},{"lessThan":"5dfd429591f8d7185bf63a08b5c30863fb605611","status":"affected","version":"a331631496a0af9a6f4e7e1860983afd8b1bb013","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/gpu/drm/imagination/pvr_fw_trace.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"7.0"},{"lessThan":"7.0","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"7.0.*","status":"unaffected","version":"7.0.4","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.1-rc2","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.4","versionStartIncluding":"7.0","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1-rc2","versionStartIncluding":"7.0","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Fix segfault when updating ftrace mask\n\nFix invalid data access by passing right data for debugfs entry.\n\n[  171.549793] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[  171.559248] Mem abort info:\n[  171.562173]   ESR = 0x0000000096000044\n[  171.566227]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  171.573108]   SET = 0, FnV = 0\n[  171.576448]   EA = 0, S1PTW = 0\n[  171.579745]   FSC = 0x04: level 0 translation fault\n[  171.584760] Data abort info:\n[  171.588012]   ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000\n[  171.593734]   CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n[  171.598962]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  171.604471] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000083837000\n[  171.611358] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[  171.618500] Internal error: Oops: 0000000096000044 [#1]  SMP\n[  171.624222] Modules linked in: powervr drm_shmem_helper drm_gpuvm...\n[  171.656580] CPU: 0 UID: 0 PID: 549 Comm: bash Not tainted 7.0.0-rc2-g730b257ba723-dirty #13 PREEMPT\n[  171.665773] Hardware name: BeagleBoard.org BeaglePlay (DT)\n[  171.671296] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  171.678306] pc : pvr_fw_trace_mask_set+0x78/0x154 [powervr]\n[  171.683959] lr : pvr_fw_trace_mask_set+0x4c/0x154 [powervr]\n[  171.689593] sp : ffff8000835ebb90\n[  171.692929] x29: ffff8000835ebc00 x28: ffff000005c60f80 x27: 0000000000000000\n[  171.700130] x26: 0000000000000000 x25: ffff00000504af28 x24: 0000000000000000\n[  171.707324] x23: ffff00000504af50 x22: 0000000000000203 x21: 0000000000000000\n[  171.714518] x20: ffff000005c44a80 x19: ffff000005c457b8 x18: 0000000000000000\n[  171.721715] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaae8887580\n[  171.728908] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000835ebc30\n[  171.736095] x11: ffff00000504af2a x10: ffff00008504af29 x9 : 0fffffffffffffff\n[  171.743286] x8 : ffff8000835ebbf8 x7 : 0000000000000000 x6 : 000000000000002a\n[  171.750479] x5 : ffff00000504af2e x4 : 0000000000000000 x3 : 0000000000000010\n[  171.757674] x2 : 0000000000000203 x1 : 0000000000000000 x0 : ffff8000835ebba0\n[  171.764871] Call trace:\n[  171.767342]  pvr_fw_trace_mask_set+0x78/0x154 [powervr] (P)\n[  171.772984]  simple_attr_write_xsigned.isra.0+0xe0/0x19c\n[  171.778341]  simple_attr_write+0x18/0x24\n[  171.782296]  debugfs_attr_write+0x50/0x98\n[  171.786341]  full_proxy_write+0x6c/0xa8\n[  171.790208]  vfs_write+0xd4/0x350\n[  171.793561]  ksys_write+0x70/0x108\n[  171.796995]  __arm64_sys_write+0x1c/0x28\n[  171.800952]  invoke_syscall+0x48/0x10c\n[  171.804740]  el0_svc_common.constprop.0+0x40/0xe0\n[  171.809487]  do_el0_svc+0x1c/0x28\n[  171.812834]  el0_svc+0x34/0x108\n[  171.816013]  el0t_64_sync_handler+0xa0/0xe4\n[  171.820237]  el0t_64_sync+0x198/0x19c\n[  171.823939] Code: 32000262 b90ac293 1a931056 9134e293 (b9000036)\n[  171.830073] ---[ end trace 0000000000000000 ]---"}],"providerMetadata":{"dateUpdated":"2026-06-08T15:41:20.876Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/ba422758981b61585c7da6429f50ef1c58d326f7"},{"url":"https://git.kernel.org/stable/c/5dfd429591f8d7185bf63a08b5c30863fb605611"}],"title":"drm/imagination: Fix segfault when updating ftrace mask","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-46278","datePublished":"2026-06-08T15:41:20.876Z","dateReserved":"2026-05-13T15:03:33.109Z","dateUpdated":"2026-06-08T15:41:20.876Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-08 17:16:45","lastModifiedDate":"2026-06-08 17:16:45","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"46278","Ordinal":"1","Title":"drm/imagination: Fix segfault when updating ftrace mask","CVE":"CVE-2026-46278","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"46278","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Fix segfault when updating ftrace mask\n\nFix invalid data access by passing right data for debugfs entry.\n\n[  171.549793] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[  171.559248] Mem abort info:\n[  171.562173]   ESR = 0x0000000096000044\n[  171.566227]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  171.573108]   SET = 0, FnV = 0\n[  171.576448]   EA = 0, S1PTW = 0\n[  171.579745]   FSC = 0x04: level 0 translation fault\n[  171.584760] Data abort info:\n[  171.588012]   ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000\n[  171.593734]   CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n[  171.598962]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  171.604471] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000083837000\n[  171.611358] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[  171.618500] Internal error: Oops: 0000000096000044 [#1]  SMP\n[  171.624222] Modules linked in: powervr drm_shmem_helper drm_gpuvm...\n[  171.656580] CPU: 0 UID: 0 PID: 549 Comm: bash Not tainted 7.0.0-rc2-g730b257ba723-dirty #13 PREEMPT\n[  171.665773] Hardware name: BeagleBoard.org BeaglePlay (DT)\n[  171.671296] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  171.678306] pc : pvr_fw_trace_mask_set+0x78/0x154 [powervr]\n[  171.683959] lr : pvr_fw_trace_mask_set+0x4c/0x154 [powervr]\n[  171.689593] sp : ffff8000835ebb90\n[  171.692929] x29: ffff8000835ebc00 x28: ffff000005c60f80 x27: 0000000000000000\n[  171.700130] x26: 0000000000000000 x25: ffff00000504af28 x24: 0000000000000000\n[  171.707324] x23: ffff00000504af50 x22: 0000000000000203 x21: 0000000000000000\n[  171.714518] x20: ffff000005c44a80 x19: ffff000005c457b8 x18: 0000000000000000\n[  171.721715] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaae8887580\n[  171.728908] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000835ebc30\n[  171.736095] x11: ffff00000504af2a x10: ffff00008504af29 x9 : 0fffffffffffffff\n[  171.743286] x8 : ffff8000835ebbf8 x7 : 0000000000000000 x6 : 000000000000002a\n[  171.750479] x5 : ffff00000504af2e x4 : 0000000000000000 x3 : 0000000000000010\n[  171.757674] x2 : 0000000000000203 x1 : 0000000000000000 x0 : ffff8000835ebba0\n[  171.764871] Call trace:\n[  171.767342]  pvr_fw_trace_mask_set+0x78/0x154 [powervr] (P)\n[  171.772984]  simple_attr_write_xsigned.isra.0+0xe0/0x19c\n[  171.778341]  simple_attr_write+0x18/0x24\n[  171.782296]  debugfs_attr_write+0x50/0x98\n[  171.786341]  full_proxy_write+0x6c/0xa8\n[  171.790208]  vfs_write+0xd4/0x350\n[  171.793561]  ksys_write+0x70/0x108\n[  171.796995]  __arm64_sys_write+0x1c/0x28\n[  171.800952]  invoke_syscall+0x48/0x10c\n[  171.804740]  el0_svc_common.constprop.0+0x40/0xe0\n[  171.809487]  do_el0_svc+0x1c/0x28\n[  171.812834]  el0_svc+0x34/0x108\n[  171.816013]  el0t_64_sync_handler+0xa0/0xe4\n[  171.820237]  el0t_64_sync+0x198/0x19c\n[  171.823939] Code: 32000262 b90ac293 1a931056 9134e293 (b9000036)\n[  171.830073] ---[ end trace 0000000000000000 ]---","Type":"Description","Title":"drm/imagination: Fix segfault when updating ftrace mask"}]}}}