Linux Distros Unpatched Vulnerability : CVE-2026-46031

27 May 2026 | Reported by Tenable | Type: nessus | Source: www.tenable.com

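CVE-2026-46031 is unpatched on the affected Linux distribution: the ks8851 network driver may deadlock when bottom halves (BHs) are not disabled around its IRQ handler, including on kernels built with CONFIG_PREEMPT_RT=y.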

Related

Reporter | Title | Published | Family
ATTACKERKB | CVE-2026-46031 | 27 May 2026 12:56 | attackerkb
CNNVD | Linux kernel security vulnerability | 27 May 2026 00:00 | cnnvd
CVE | CVE-2026-46031 | 27 May 2026 12:56 | cve
Cvelist | CVE-2026-46031 net: ks8851: Reinstate disabling of BHs around IRQ handler | 27 May 2026 12:56 | cvelist
Debian CVE | CVE-2026-46031 | 27 May 2026 12:56 | debiancve
EUVD | EUVD-2026-32412 | 27 May 2026 12:56 | euvd
NVD | CVE-2026-46031 | 27 May 2026 14:17 | nvd
OSV | BELL-CVE-2026-46031 | 29 May 2026 06:10 | osv
OSV | DEBIAN-CVE-2026-46031 | 27 May 2026 14:17 | osv
OSV | ECHO-2BCA-ED07-E147 | 28 May 2026 04:57 | osv

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(317169);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/02");

  script_cve_id("CVE-2026-46031");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-46031");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - net: ks8851: Reinstate disabling of BHs around IRQ handler If the driver executes ks8851_irq() AND a TX
    packet has been sent, then the driver enables TX queue via netif_wake_queue() which schedules TX softirq
    to queue packets for this device. If CONFIG_PREEMPT_RT=y is set AND a packet has also been received by the
    MAC, then ks8851_rx_pkts() calls netdev_alloc_skb_ip_align() to allocate SKBs for the received packets. If
    netdev_alloc_skb_ip_align() is called with BH enabled, then local_bh_enable() at the end of
    netdev_alloc_skb_ip_align() will trigger the pending softirq processing, which may ultimately call the
    .xmit callback ks8851_start_xmit_par(). The ks8851_start_xmit_par() will try to lock struct ks8851_net_par
    .lock spinlock, which is already locked by ks8851_irq() from which ks8851_start_xmit_par() was called.
    This leads to a deadlock, which is reported by the kernel, including a trace listed below. If
    CONFIG_PREEMPT_RT is not set, then since commit 0913ec336a6c0 (net: ks8851: Fix deadlock with the SPI
    chip variant) the deadlock can also be triggered without received packet in the RX FIFO. The pending
    softirqs will be processed on return from spin_unlock_bh(&ks->statelock) in ks8851_irq(), which triggers
    the deadlock as well. Fix the problem by disabling BH around critical sections, including the IRQ handler,
    thus preventing the net_tx_action() softirq from triggering during these critical sections. The
    net_tx_action() softirq is triggered once BH are re-enabled and at the end of the IRQ handler, once all
    the other IRQ handler actions have been completed. __schedule from schedule_rtlock+0x1c/0x34
    schedule_rtlock from rtlock_slowlock_locked+0x548/0x904 rtlock_slowlock_locked from rt_spin_lock+0x60/0x9c
    rt_spin_lock from ks8851_start_xmit_par+0x74/0x1a8 ks8851_start_xmit_par from netdev_start_xmit+0x20/0x44
    netdev_start_xmit from dev_hard_start_xmit+0xd0/0x188 dev_hard_start_xmit from sch_direct_xmit+0xb8/0x25c
    sch_direct_xmit from __qdisc_run+0x1f8/0x4ec __qdisc_run from qdisc_run+0x1c/0x28 qdisc_run from
    net_tx_action+0x1f0/0x268 net_tx_action from handle_softirqs+0x1a4/0x270 handle_softirqs from
    __local_bh_enable_ip+0xcc/0xe0 __local_bh_enable_ip from __alloc_skb+0xd8/0x128 __alloc_skb from
    __netdev_alloc_skb+0x3c/0x19c __netdev_alloc_skb from ks8851_irq+0x388/0x4d4 ks8851_irq from
    irq_thread_fn+0x24/0x64 irq_thread_fn from irq_thread+0x178/0x28c irq_thread from kthread+0x12c/0x138
    kthread from ret_from_fork+0x14/0x28 (CVE-2026-46031)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-46031");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-46031");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/05/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/05/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-12");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-12": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "12",
        "pkgs": [
          {"reference": "btrfs-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "cdrom-core-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "ext4-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "fat-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "isofs-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "jfs-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "kernel-image-6.1.0-47-alpha-generic-di"},
          {"reference": "linux-doc"},
          {"reference": "linux-doc-6.1"},
          {"reference": "linux-headers-6.1.0"},
          {"reference": "linux-source"},
          {"reference": "linux-source-6.1"},
          {"reference": "linux-support-6.1.0"},
          {"reference": "loop-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "nic-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "nic-shared-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "nic-wireless-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "pata-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "ppp-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "scsi-core-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "scsi-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "scsi-nic-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "serial-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "usb-serial-modules-6.1.0-47-alpha-generic-di"},
          {"reference": "xfs-modules-6.1.0-47-alpha-generic-di"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

02 Jun 2026 00:00 (current)
Vulners AI Score: 5.7 (Medium risk)
CVSS 3.1: 7.5
EPSS: 0.0007