PT-2026-39041 · Linux · Linux Kernel

Published

2026-05-08

·

Updated

2026-05-26

·

CVE-2026-43380

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The q54sj108a2 debugfs read() function contains a stack buffer overflow. This occurs because incorrect arguments are passed to the bin2hex() function, where the destination and source buffers are swapped. Since bin2hex() converts each input byte into two hexadecimal characters, a 32-byte block read generates 64 bytes of output. Because the destination buffer data is only 34 bytes, this results in 30 bytes being written past the end of the buffer onto the stack. Additionally, the swapped arguments cause the function to read from a zero-initialized buffer, leading to all-zero output regardless of the actual I2C read.
Recommendations Update the Linux kernel to a version where the q54sj108a2 debugfs read() function has been patched to expand the data char buffer to 66 bytes, correct the bin2hex() argument order, and use a pointer for the simple read from buffer() call.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-43380

Affected Products

Linux Kernel