GHSA-8VHC-Q32V-78W5

Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-06-08 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/imagination: Fix segfault when updating ftrace mask

Fix invalid data access by passing right data for debugfs entry.

[ 171.549793] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 171.559248] Mem abort info: [ 171.562173] ESR = 0x0000000096000044 [ 171.566227] EC = 0x25: DABT (current EL), IL = 32 bits [ 171.573108] SET = 0, FnV = 0 [ 171.576448] EA = 0, S1PTW = 0 [ 171.579745] FSC = 0x04: level 0 translation fault [ 171.584760] Data abort info: [ 171.588012] ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000 [ 171.593734] CM = 0, WnR = 1, TnD = 0, TagAccess = 0 [ 171.598962] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 171.604471] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000083837000 [ 171.611358] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ 171.618500] Internal error: Oops: 0000000096000044 [#1] SMP [ 171.624222] Modules linked in: powervr drm_shmem_helper drm_gpuvm... [ 171.656580] CPU: 0 UID: 0 PID: 549 Comm: bash Not tainted 7.0.0-rc2-g730b257ba723-dirty #13 PREEMPT [ 171.665773] Hardware name: BeagleBoard.org BeaglePlay (DT) [ 171.671296] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 171.678306] pc : pvr_fw_trace_mask_set+0x78/0x154 [powervr] [ 171.683959] lr : pvr_fw_trace_mask_set+0x4c/0x154 [powervr] [ 171.689593] sp : ffff8000835ebb90 [ 171.692929] x29: ffff8000835ebc00 x28: ffff000005c60f80 x27: 0000000000000000 [ 171.700130] x26: 0000000000000000 x25: ffff00000504af28 x24: 0000000000000000 [ 171.707324] x23: ffff00000504af50 x22: 0000000000000203 x21: 0000000000000000 [ 171.714518] x20: ffff000005c44a80 x19: ffff000005c457b8 x18: 0000000000000000 [ 171.721715] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaae8887580 [ 171.728908] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000835ebc30 [ 171.736095] x11: ffff00000504af2a x10: ffff00008504af29 x9 : 0fffffffffffffff [ 171.743286] x8 : ffff8000835ebbf8 x7 : 0000000000000000 x6 : 000000000000002a [ 171.750479] x5 : ffff00000504af2e x4 : 0000000000000000 x3 : 0000000000000010 [ 171.757674] x2 : 0000000000000203 x1 : 0000000000000000 x0 : ffff8000835ebba0 [ 171.764871] Call trace: [ 171.767342] pvr_fw_trace_mask_set+0x78/0x154 [powervr] (P) [ 171.772984] simple_attr_write_xsigned.isra.0+0xe0/0x19c [ 171.778341] simple_attr_write+0x18/0x24 [ 171.782296] debugfs_attr_write+0x50/0x98 [ 171.786341] full_proxy_write+0x6c/0xa8 [ 171.790208] vfs_write+0xd4/0x350 [ 171.793561] ksys_write+0x70/0x108 [ 171.796995] __arm64_sys_write+0x1c/0x28 [ 171.800952] invoke_syscall+0x48/0x10c [ 171.804740] el0_svc_common.constprop.0+0x40/0xe0 [ 171.809487] do_el0_svc+0x1c/0x28 [ 171.812834] el0_svc+0x34/0x108 [ 171.816013] el0t_64_sync_handler+0xa0/0xe4 [ 171.820237] el0t_64_sync+0x198/0x19c [ 171.823939] Code: 32000262 b90ac293 1a931056 9134e293 (b9000036) [ 171.830073] ---[ end trace 0000000000000000 ]---

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2026-46278"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-08T17:16:45Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Fix segfault when updating ftrace mask\n\nFix invalid data access by passing right data for debugfs entry.\n\n[  171.549793] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[  171.559248] Mem abort info:\n[  171.562173]   ESR = 0x0000000096000044\n[  171.566227]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  171.573108]   SET = 0, FnV = 0\n[  171.576448]   EA = 0, S1PTW = 0\n[  171.579745]   FSC = 0x04: level 0 translation fault\n[  171.584760] Data abort info:\n[  171.588012]   ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000\n[  171.593734]   CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n[  171.598962]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  171.604471] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000083837000\n[  171.611358] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[  171.618500] Internal error: Oops: 0000000096000044 [#1]  SMP\n[  171.624222] Modules linked in: powervr drm_shmem_helper drm_gpuvm...\n[  171.656580] CPU: 0 UID: 0 PID: 549 Comm: bash Not tainted 7.0.0-rc2-g730b257ba723-dirty #13 PREEMPT\n[  171.665773] Hardware name: BeagleBoard.org BeaglePlay (DT)\n[  171.671296] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  171.678306] pc : pvr_fw_trace_mask_set+0x78/0x154 [powervr]\n[  171.683959] lr : pvr_fw_trace_mask_set+0x4c/0x154 [powervr]\n[  171.689593] sp : ffff8000835ebb90\n[  171.692929] x29: ffff8000835ebc00 x28: ffff000005c60f80 x27: 0000000000000000\n[  171.700130] x26: 0000000000000000 x25: ffff00000504af28 x24: 0000000000000000\n[  171.707324] x23: ffff00000504af50 x22: 0000000000000203 x21: 0000000000000000\n[  171.714518] x20: ffff000005c44a80 x19: ffff000005c457b8 x18: 0000000000000000\n[  171.721715] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaae8887580\n[  171.728908] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000835ebc30\n[  171.736095] x11: ffff00000504af2a x10: ffff00008504af29 x9 : 0fffffffffffffff\n[  171.743286] x8 : ffff8000835ebbf8 x7 : 0000000000000000 x6 : 000000000000002a\n[  171.750479] x5 : ffff00000504af2e x4 : 0000000000000000 x3 : 0000000000000010\n[  171.757674] x2 : 0000000000000203 x1 : 0000000000000000 x0 : ffff8000835ebba0\n[  171.764871] Call trace:\n[  171.767342]  pvr_fw_trace_mask_set+0x78/0x154 [powervr] (P)\n[  171.772984]  simple_attr_write_xsigned.isra.0+0xe0/0x19c\n[  171.778341]  simple_attr_write+0x18/0x24\n[  171.782296]  debugfs_attr_write+0x50/0x98\n[  171.786341]  full_proxy_write+0x6c/0xa8\n[  171.790208]  vfs_write+0xd4/0x350\n[  171.793561]  ksys_write+0x70/0x108\n[  171.796995]  __arm64_sys_write+0x1c/0x28\n[  171.800952]  invoke_syscall+0x48/0x10c\n[  171.804740]  el0_svc_common.constprop.0+0x40/0xe0\n[  171.809487]  do_el0_svc+0x1c/0x28\n[  171.812834]  el0_svc+0x34/0x108\n[  171.816013]  el0t_64_sync_handler+0xa0/0xe4\n[  171.820237]  el0t_64_sync+0x198/0x19c\n[  171.823939] Code: 32000262 b90ac293 1a931056 9134e293 (b9000036)\n[  171.830073] ---[ end trace 0000000000000000 ]---",
  "id": "GHSA-8vhc-q32v-78w5",
  "modified": "2026-06-08T18:31:51Z",
  "published": "2026-06-08T18:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46278"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5dfd429591f8d7185bf63a08b5c30863fb605611"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba422758981b61585c7da6429f50ef1c58d326f7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.