CVE-2026-46236: Linux Kernel: DMA coherency bug in xbox_remote driver
Status: AWAITING NVD
CVE-2026-46236 is a Linux kernel memory safety defect in the xbox_remote media/rc driver where the IO buffer is incorrectly embedded in the device structure, violating DMA coherency rules, a condition that can produce kernel memory corruption on affected hosts. While the vulnerability class (kernel memory corruption) can theoretically enable local privilege escalation, the xbox_remote USB HID driver is absent on virtually all server-class AI infrastructure, making real-world impact on AI environments negligible. No CVSS score has been assigned, no public exploit exists, and the CVE is not in CISA KEV. The appropriate action is to verify the module is not loaded on AI inference or training hosts and apply the upstream kernel patches referenced in the five stable-branch commits.
What is the risk?
Risk to AI/ML environments is LOW. The xbox_remote driver is a consumer USB HID peripheral driver that is not loaded — and frequently not even compiled — on server-class Linux systems running AI workloads. DMA coherency violations are a serious bug class that can cause kernel memory corruption, but exploitation requires the driver to be loaded and typically requires local access. No CVSS score, no known exploit, no KEV listing. The AI category classification of 'llm_api' applied to this CVE appears to be a misclassification; this is an OS infrastructure issue, not an API or AI framework defect.
What should I do?
5 steps:
1. Audit AI infrastructure servers: run `lsmod | grep xbox_remote` to confirm the driver is not loaded.
2. If present and unnecessary, blacklist the module permanently via `echo 'blacklist xbox_remote' >> /etc/modprobe.d/blacklist.conf` and run `modprobe -r xbox_remote`.
3. Apply upstream kernel patches from the five stable-branch commits referenced in the CVE (git.kernel.org links in CVE references).
4. Follow your distribution's kernel update cadence; patches will propagate to downstream distros.
5. No workaround exists beyond driver removal or kernel patching.
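An audit helper for steps 1 and 2, added here as an example and not part of the advisory. It assumes a POSIX sh with `lsmod`, `awk` and `grep` available and that `/etc/modprobe.d` is the blacklist directory used in step 2; unlike a bare `lsmod | grep`, it matches the module name exactly and does not append a second blacklist line when one already exists.

```shell
#!/bin/sh
# Added audit helper (not from the advisory): checks a host for the
# xbox_remote module as steps 1 and 2 above do, but with exact-name
# matching and without appending a duplicate blacklist directive.
MODULE="xbox_remote"

# module_loaded "<lsmod output>": exit 0 when MODULE is listed as loaded.
# Compares the first column exactly, so a name that merely contains the
# string (e.g. a hypothetical xbox_remote_extra) is not a false positive.
module_loaded() {
    printf '%s\n' "$1" | awk -v m="$MODULE" \
        '$1 == m { found = 1 } END { exit (found ? 0 : 1) }'
}

# module_blacklisted "<modprobe.d dir>": exit 0 when some *.conf file
# there already carries a "blacklist xbox_remote" directive.
module_blacklisted() {
    grep -qsE "^[[:space:]]*blacklist[[:space:]]+${MODULE}[[:space:]]*$" "$1"/*.conf
}

# ensure_blacklisted "<modprobe.d dir>": append the directive only when it
# is missing, and report which action was taken.
ensure_blacklisted() {
    if module_blacklisted "$1"; then
        echo "already blacklisted"
    else
        printf 'blacklist %s\n' "$MODULE" >> "$1/blacklist.conf"
        echo "blacklist added"
    fi
}

# audit_host: run the checks against the live system. The read-only checks
# work as any user; writing to /etc/modprobe.d requires root.
audit_host() {
    if module_loaded "$(lsmod 2>/dev/null)"; then
        echo "WARN: $MODULE is loaded; unload with: modprobe -r $MODULE"
    else
        echo "OK: $MODULE is not loaded"
    fi
    if module_blacklisted /etc/modprobe.d; then
        echo "OK: $MODULE is blacklisted in /etc/modprobe.d"
    else
        echo "INFO: $MODULE is not blacklisted; run: ensure_blacklisted /etc/modprobe.d (as root)"
    fi
}
```

Calling `audit_host` reports the live state; `ensure_blacklisted /etc/modprobe.d` performs step 2 idempotently.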
Frequently Asked Questions
Is CVE-2026-46236 actively exploited?
No confirmed active exploitation of CVE-2026-46236 has been reported, but organizations should still patch proactively.
What systems are affected by CVE-2026-46236?
This vulnerability affects the following AI/ML architecture patterns: model serving, training pipelines.
What is the CVSS score for CVE-2026-46236?
No CVSS score has been assigned yet.
MITRE ATLAS Techniques
- AML.T0010.000 Hardware
- AML.T0025 Exfiltration via Cyber Means
Technical Details
Original Advisory
In the Linux kernel, the following vulnerability has been resolved:

media: rc: xbox_remote: heed DMA restrictions

The buffer for IO must not be part of the device structure because that violates the DMA coherency rules.
Exploitation Scenario
An adversary with local or physical access to a Linux AI inference server that happens to have the xbox_remote module loaded attaches or emulates a USB Xbox remote device, triggering the DMA coherency violation in the driver's improperly placed IO buffer. The resulting kernel memory corruption is chained into a privilege escalation exploit granting root access. With root on the AI host, the attacker exfiltrates model weights, Anthropic/OpenAI API keys stored in environment variables, or proprietary training datasets from mounted storage — without triggering application-layer authentication controls.
References
- git.kernel.org/stable/c/0bd8ac88ec5f74cd0f4b8cfc54f4cc0827007249
- git.kernel.org/stable/c/0cc9251833bf02c8c7863404157c94dab5928fcf
- git.kernel.org/stable/c/48a668c22e8f92637bc496e84d1cf06900f74a5c
- git.kernel.org/stable/c/63a960b39de9c51f29ca19aa5067934f865c0bc7
- git.kernel.org/stable/c/e280d1e5e3f2595bbb43fe6e1bce00c59a43c0ff
Related Vulnerabilities
- CVE-2024-2912 (10.0) BentoML: RCE via insecure deserialization (CVSS 10). Same attack type: Code Execution
- CVE-2026-21858 (10.0) n8n: Input Validation flaw enables exploitation. Same attack type: Code Execution
- CVE-2025-5120 (10.0) smolagents: sandbox escape enables unauthenticated RCE. Same attack type: Code Execution
- CVE-2025-59528 (10.0) Flowise: Unauthenticated RCE via MCP config injection. Same attack type: Code Execution
- GHSA-vvpj-8cmc-gx39 (10.0) picklescan: security flaw enables exploitation. Same attack type: Code Execution