CVE-2026-46250

HIGHPre-NVD 7.37.3
EchelonGraph scoreMEDIUM confidence

Score 7.3 from GitHub Security Advisory (severity: HIGH) published 2026-06-03. a secondary CVSS source baseline 7.3; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, secondary
Trending — 4 sources updated this week
7.3
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 0%CVSS: 7.3Exploit: NoneExposed: 0

A fix is available — apply it.

In the Linux kernel, the following vulnerability has been resolved:

MIPS: Work around LLVM bug when gp is used as global register variable

On MIPS, __current_thread_info is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation.

This however is broken with LLVM, which always restores $gp if it finds $gp is clobbered in any form, including when intentionally through a global register variable. This is against GCC's documentation[1], which requires a callee-saved register used as global register variable not to be restored if it's clobbered.

As a result, $gp will continue to point to the unrelocated kernel after the epilog of relocate_kernel(), leading to an early crash in init_idle,

[ 0.000000] CPU 0 Unable to handle kernel paging request at virtual address 0000000000000000, epc == ffffffff81afada8, ra == ffffffff81afad90 [ 0.000000] Oops[#1]: [ 0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Tainted: G W 6.19.0-rc5-00262-gd3eeb99bbc99-dirty #188 VOLUNTARY [ 0.000000] Tainted: [W]=WARN [ 0.000000] Hardware name: loongson,loongson64v-4core-virtio [ 0.000000] $ 0 : 0000000000000000 0000000000000000 0000000000000001 0000000000000000 [ 0.000000] $ 4 : ffffffff80b80ec0 ffffffff80b53d48 0000000000000000 00000000000f4240 [ 0.000000] $ 8 : 0000000000000100 ffffffff81d82f80 ffffffff81d82f80 0000000000000001 [ 0.000000] $12 : 0000000000000000 ffffffff81776f58 00000000000005da 0000000000000002 [ 0.000000] $16 : ffffffff80b80e40 0000000000000000 ffffffff80b81614 9800000005dfbe80 [ 0.000000] $20 : 00000000540000e0 ffffffff81980000 0000000000000000 ffffffff80f81c80 [ 0.000000] $24 : 0000000000000a26 ffffffff8114fb90 [ 0.000000] $28 : ffffffff80b50000 ffffffff80b53d40 0000000000000000 ffffffff81afad90 [ 0.000000] Hi : 0000000000000000 [ 0.000000] Lo : 0000000000000000 [ 0.000000] epc : ffffffff81afada8 init_idle+0x130/0x270 [ 0.000000] ra : ffffffff81afad90 init_idle+0x118/0x270 [ 0.000000] Status: 540000e2 KX SX UX KERNEL EXL [ 0.000000] Cause : 00000008 (ExcCode 02) [ 0.000000] BadVA : 0000000000000000 [ 0.000000] PrId : 00006305 (ICT Loongson-3) [ 0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____), tls=0000000000000000) [ 0.000000] Stack : 9800000005dfbf00 ffffffff8178e950 0000000000000000 0000000000000000 [ 0.000000] 0000000000000000 ffffffff81970000 000000000000003f ffffffff810a6528 [ 0.000000] 0000000000000001 9800000005dfbe80 9800000005dfbf00 ffffffff81980000 [ 0.000000] ffffffff810a6450 ffffffff81afb6c0 0000000000000000 ffffffff810a2258 [ 0.000000] ffffffff81d82ec8 ffffffff8198d010 ffffffff81b67e80 ffffffff8197dd98 [ 0.000000] ffffffff81d81c80 ffffffff81930000 0000000000000040 0000000000000000 [ 0.000000] 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 0.000000] 0000000000000000 000000000000009e ffffffff9fc01000 0000000000000000 [ 0.000000] 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 0.000000] 0000000000000000 ffffffff81ae86dc ffffffff81b3c741 0000000000000002 [ 0.000000] ... [ 0.000000] Call Trace: [ 0.000000] [] init_idle+0x130/0x270 [ 0.000000] [] sched_init+0x5c8/0x6c0 [ 0.000000] [] start_kernel+0x27c/0x7a8

This bug has been reported to LLVM[2] and affects version from (at least) 18 to 21. Let's work around this by using inline assembly to assign $gp before a fix is widely available.

CVSS v3
7.3
EG Score
7.3(medium)
EPSS
2.8%
KEV
Not listed

Published

June 3, 2026

Last Modified

June 9, 2026

Advisory Details (8)

Auto-updated Jun 11, 2026
No patch confirmed yet.
generic

MIPS: Work around LLVM bug when gp is used as global register variable - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/e3a6498a63394218561065a9a7a597a204f52f6a
generic

MIPS: Work around LLVM bug when gp is used as global register variable - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/c0155dee51b9f5f48aaf5c71cae005eb0e36521f
generic

MIPS: Work around LLVM bug when gp is used as global register variable - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/9bc3b0ae5203aba650297fdf3e1e774125e423f2
generic

MIPS: Work around LLVM bug when gp is used as global register variable - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/561834f6d6f52b8a1791331e94b2aac753491d2a
generic

MIPS: Work around LLVM bug when gp is used as global register variable - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/4dc65b40fb80c2020efbf139b9a38d30f9a37b92
generic

MIPS: Work around LLVM bug when gp is used as global register variable - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/30bfc2d6a1132a89a5f1c3b96c59cf3e4d076ea3
generic

MIPS: Work around LLVM bug when gp is used as global register variable - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/1fe3b402b1e97a1718df3be0a1d3eee20133e735
generic

MIPS: Work around LLVM bug when gp is used as global register variable - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/05bff9b0ae095b2420cfebb4a96759a09334bec6

Vendor Advisories for CVE-2026-46250(2)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Patch Availability(5)

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

All Vendor Advisories

(5)

Data Freshness Timeline

(refreshed 22× in last 7d / 136× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

Showing the most recent 100 of 144 total refreshes for this CVE.

  1. 2026-07-06 16:27 UTCEPSS rescore
  2. 2026-07-06 02:23 UTCEPSS rescore
  3. 2026-07-05 02:30 UTCEPSS rescore
  4. 2026-07-04 06:31 UTCEPSS rescore
  5. 2026-07-03 19:48 UTCEG score recompute
  6. 2026-07-03 19:48 UTCVendor advisory
  7. 2026-07-03 19:48 UTCGHSA enrichment
  8. 2026-07-02 21:14 UTCEG score recompute
  9. 2026-07-02 21:14 UTCVendor advisory
  10. 2026-07-02 21:14 UTCGHSA enrichment
  11. 2026-07-02 09:26 UTCEG score recompute
  12. 2026-07-02 09:26 UTCVendor advisory
  13. 2026-07-02 09:26 UTCGHSA enrichment
  14. 2026-07-01 21:46 UTCEG score recompute
  15. 2026-07-01 21:46 UTCVendor advisory
  16. 2026-07-01 21:46 UTCGHSA enrichment
  17. 2026-07-01 15:07 UTCEPSS rescore
  18. 2026-07-01 09:57 UTCEG score recompute
  19. 2026-07-01 09:57 UTCGHSA enrichment
  20. 2026-06-30 23:22 UTCEPSS rescore
  21. 2026-06-30 22:10 UTCEG score recompute
  22. 2026-06-30 22:10 UTCGHSA enrichment
  23. 2026-06-30 00:55 UTCEG score recompute
  24. 2026-06-30 00:55 UTCGHSA enrichment
  25. 2026-06-29 14:06 UTCEPSS rescore
Show 75 more
  1. 2026-06-29 14:06 UTCEPSS rescore
  2. 2026-06-29 13:15 UTCEG score recompute
  3. 2026-06-29 13:15 UTCGHSA enrichment
  4. 2026-06-29 01:35 UTCEG score recompute
  5. 2026-06-29 01:35 UTCGHSA enrichment
  6. 2026-06-28 14:07 UTCEPSS rescore
  7. 2026-06-28 13:55 UTCEG score recompute
  8. 2026-06-28 13:55 UTCGHSA enrichment
  9. 2026-06-28 04:56 UTCEPSS rescore
  10. 2026-06-28 04:56 UTCEPSS rescore
  11. 2026-06-28 02:15 UTCEG score recompute
  12. 2026-06-28 02:15 UTCGHSA enrichment
  13. 2026-06-27 14:36 UTCEG score recompute
  14. 2026-06-27 14:36 UTCGHSA enrichment
  15. 2026-06-27 03:08 UTCEPSS rescore
  16. 2026-06-27 02:55 UTCEG score recompute
  17. 2026-06-27 02:55 UTCGHSA enrichment
  18. 2026-06-26 15:14 UTCEG score recompute
  19. 2026-06-26 15:13 UTCGHSA enrichment
  20. 2026-06-25 21:41 UTCEG score recompute
  21. 2026-06-25 21:41 UTCGHSA enrichment
  22. 2026-06-25 13:49 UTCEPSS rescore
  23. 2026-06-25 10:01 UTCEG score recompute
  24. 2026-06-25 10:01 UTCGHSA enrichment
  25. 2026-06-24 22:21 UTCEG score recompute
  26. 2026-06-24 22:21 UTCGHSA enrichment
  27. 2026-06-24 14:05 UTCEPSS rescore
  28. 2026-06-24 09:22 UTCEG score recompute
  29. 2026-06-24 09:22 UTCGHSA enrichment
  30. 2026-06-23 21:33 UTCEPSS rescore
  31. 2026-06-23 21:33 UTCEPSS rescore
  32. 2026-06-23 19:06 UTCEG score recompute
  33. 2026-06-23 19:06 UTCGHSA enrichment
  34. 2026-06-22 14:25 UTCEPSS rescore
  35. 2026-06-22 14:25 UTCEPSS rescore
  36. 2026-06-21 14:56 UTCEPSS rescore
  37. 2026-06-21 14:56 UTCEPSS rescore
  38. 2026-06-21 01:59 UTCEPSS rescore
  39. 2026-06-21 01:59 UTCEPSS rescore
  40. 2026-06-20 12:44 UTCEG score recompute
  41. 2026-06-20 12:44 UTCGHSA enrichment
  42. 2026-06-19 20:38 UTCEG score recompute
  43. 2026-06-19 20:37 UTCGHSA enrichment
  44. 2026-06-19 19:26 UTCEPSS rescore
  45. 2026-06-19 19:26 UTCEPSS rescore
  46. 2026-06-19 04:29 UTCEG score recompute
  47. 2026-06-19 04:29 UTCGHSA enrichment
  48. 2026-06-18 17:52 UTCEPSS rescore
  49. 2026-06-18 17:52 UTCEPSS rescore
  50. 2026-06-18 16:33 UTCEG score recompute
  51. 2026-06-18 16:32 UTCGHSA enrichment
  52. 2026-06-18 01:55 UTCEG score recompute
  53. 2026-06-18 01:55 UTCGHSA enrichment
  54. 2026-06-17 17:53 UTCEPSS rescore
  55. 2026-06-17 14:15 UTCEG score recompute
  56. 2026-06-17 14:14 UTCGHSA enrichment
  57. 2026-06-17 02:34 UTCEG score recompute
  58. 2026-06-17 02:34 UTCGHSA enrichment
  59. 2026-06-16 17:52 UTCEPSS rescore
  60. 2026-06-16 14:54 UTCEG score recompute
  61. 2026-06-16 14:54 UTCGHSA enrichment
  62. 2026-06-16 03:14 UTCEG score recompute
  63. 2026-06-16 03:14 UTCGHSA enrichment
  64. 2026-06-15 17:49 UTCEPSS rescore
  65. 2026-06-15 15:34 UTCEG score recompute
  66. 2026-06-15 15:34 UTCGHSA enrichment
  67. 2026-06-15 03:50 UTCEG score recompute
  68. 2026-06-15 03:50 UTCGHSA enrichment
  69. 2026-06-14 16:10 UTCEG score recompute
  70. 2026-06-14 16:10 UTCGHSA enrichment
  71. 2026-06-14 04:22 UTCEG score recompute
  72. 2026-06-14 04:22 UTCGHSA enrichment
  73. 2026-06-13 23:00 UTCEPSS rescore
  74. 2026-06-13 16:36 UTCEG score recompute
  75. 2026-06-13 16:36 UTCGHSA enrichment

Frequently asked(5)

What is CVE-2026-46250?
CVE-2026-46250 is a high vulnerability published on June 3, 2026. In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This…
When was CVE-2026-46250 disclosed?
CVE-2026-46250 was first published in the National Vulnerability Database on June 3, 2026, with the most recent update on June 9, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-46250 actively exploited?
CVE-2026-46250 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 2.8% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-46250?
CVE-2026-46250 has a CVSS v3 base score of 7.3 (NVD).
How do I remediate CVE-2026-46250?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-46250, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-46250

Explore →

Is Your Infrastructure Affected by CVE-2026-46250?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.