7.8
CVE-2026-45996
- EPSS 0.14%
- Veröffentlicht 27.05.2026 12:55:50
- Zuletzt bearbeitet 16.06.2026 13:44:45
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
spi: imx: fix use-after-free on unbind
In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration (unless the allocation is device managed). Take another reference before deregistering the controller so that the driver data is not freed until the driver is done with it.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.19 < 6.6.140
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.86
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.27
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.037 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/f99165ef067723221472ce1aff632bc74f562643
https://git.kernel.org/stable/c/385a330083f8dd47c15b02e9a83aef9234a37003
https://git.kernel.org/stable/c/132e47030b0b5e398e0da6c59df5a5dae9b52cff
https://git.kernel.org/stable/c/aa9025a498036b6012769f7af36d421385386c17
https://git.kernel.org/stable/c/1c78c2002380a1fe31bfb01a3d5f29809e55a096