CVE-2026-46190

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/05/2026
Last modified:
30/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()

Sashiko noticed an out-of-bounds read [1].

In spi_nor_params_show(), the snor_f_names array is passed to spi_nor_print_flags() using sizeof(snor_f_names).

Since snor_f_names is an array of pointers, sizeof() returns the total number of bytes occupied by the pointers (element_count * sizeof(void *)) rather than the element count itself. On 64-bit systems, this makes the passed length 8x larger than intended.

Inside spi_nor_print_flags(), the 'names_len' argument is used to bounds-check the 'names' array access. An out-of-bounds read occurs if a flag bit is set that exceeds the array's actual element count but is within the inflated byte-size count.

Correct this by using ARRAY_SIZE() to pass the actual number of string pointers in the array.
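The length mix-up described above, modelled in user space as an added example (not the kernel's code). The table `demo_names`, the helper names and the flag values are constructed, and the bounds check is assumed to have the form `bit < names_len`; instead of dereferencing past the table, the helper counts the set bits that would pass the check yet index outside it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed flag-name table; not the contents of the kernel's snor_f_names. */
static const char *const demo_names[] = { "FLAG_A", "FLAG_B", "FLAG_C", "FLAG_D" };

/* Length as the buggy call computed it: bytes occupied by the pointers. */
size_t len_bytes(void) { return sizeof(demo_names); }

/* Length as the fix computes it: number of elements. */
size_t len_elems(void) { return ARRAY_SIZE(demo_names); }

/*
 * Model of the helper's bounds check (assumed form: bit < names_len).
 * Counts set bits that pass the check but lie past the real table,
 * i.e. the accesses that would be out-of-bounds reads.
 */
unsigned oob_reads(uint64_t flags, size_t names_len)
{
    unsigned oob = 0;

    for (unsigned bit = 0; bit < 64; bit++) {
        if (!(flags & (UINT64_C(1) << bit)))
            continue;
        if (bit < names_len && bit >= ARRAY_SIZE(demo_names))
            oob++; /* check passed, but names[bit] is outside the array */
    }
    return oob;
}

int main(void)
{
    /* Constructed flags: bit 1 has a name, bit 6 does not. */
    uint64_t flags = (UINT64_C(1) << 1) | (UINT64_C(1) << 6);

    printf("sizeof=%zu ARRAY_SIZE=%zu\n", len_bytes(), len_elems());
    printf("out-of-bounds reads with sizeof:     %u\n", oob_reads(flags, len_bytes()));
    printf("out-of-bounds reads with ARRAY_SIZE: %u\n", oob_reads(flags, len_elems()));
    return 0;
}
```

When auditing similar code, look for `sizeof(array)` passed as a length or count argument where the array's element type is wider than one byte.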