5.5
CVE-2026-23475
- EPSS 0.12%
- Veröffentlicht 03.04.2026 15:15:54
- Zuletzt bearbeitet 20.05.2026 15:14:29
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
spi: fix statistics allocation
In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a NULL-pointer dereference. Fix this by moving the statistics allocation to controller allocation while tying its lifetime to that of the controller (rather than using implicit devres).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.0 < 6.1.167
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.130
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.78
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.20
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.10
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
Linux ≫ Linux Kernel Version7.0 Updaterc3
Linux ≫ Linux Kernel Version7.0 Updaterc4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.024 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/80c5bd0dca1cc5526ae0f4b273ccd163ed4caa4e
https://git.kernel.org/stable/c/f13100b1f5f111989f0750540a795fdef47492af
https://git.kernel.org/stable/c/df30056c78e8bead02d4be020199cabdbec0fef1
https://git.kernel.org/stable/c/378b295f67102eef78cf2c28105f60ae1dab5cc1
https://git.kernel.org/stable/c/118ce777d39f03cac99231196f820e4f998613a8
https://git.kernel.org/stable/c/dee0774bbb2abb172e9069ce5ffef579b12b3ae9