Description
In the Linux kernel, the following vulnerability has been resolved:

spi: fix statistics allocation

The controller per-cpu statistics is not allocated until after the
controller has been registered with driver core, which leaves a window
where accessing the sysfs attributes can trigger a NULL-pointer
dereference.

Fix this by moving the statistics allocation to controller allocation
while tying its lifetime to that of the controller (rather than using
implicit devres).
Published: 2026-04-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel SPI driver does not allocate per‑CPU statistics until after a controller is registered. This creates a window in which reading driver sysfs entries can dereference a null pointer, causing an oops and a kernel crash. The weakness is a null pointer dereference (CWE‑476) and is fixed by allocating statistics at controller initialization.

Affected Systems

Any Linux kernel version that contains the pre‑fix SPI driver implementation is affected. The vendor record lists “Linux:Linux,” and the CPE identifiers cover all linux_kernel builds, so the vulnerability applies to all architectures running an unpatched kernel. The specific affected versions are not listed explicitly; based on the description, it is inferred that versions prior to the merge of commit 118ce777d39f03cac99231196f820e4f998613a8 are vulnerable.

Risk and Exploitability

With a CVSS score of 5.5 and an EPSS score of less than 1 %, the risk is moderate. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access to the sysfs interface, and a user can trigger a kernel panic by reading the driver attributes during the allocation window. There is no remote code execution risk, but a local attacker can cause a denial‑of‑service through a system crash.

Generated by OpenCVE AI on May 20, 2026 at 17:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the running kernel to a version that contains the SPI statistics allocation fix.
  • If an update is not immediately possible, restrict or remove read access to the SPI driver’s sysfs files by adjusting the file permissions or disabling the driver.
  • Monitor kernel logs for oops or panic messages related to the SPI driver to detect accidental exposure of the allocation window.

Generated by OpenCVE AI on May 20, 2026 at 17:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6238-1 linux security update
Debian DSA Debian DSA DSA-6243-1 linux security update
History

Wed, 20 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*

Sat, 04 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-824
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a NULL-pointer dereference. Fix this by moving the statistics allocation to controller allocation while tying its lifetime to that of the controller (rather than using implicit devres).
Title spi: fix statistics allocation
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:07:44.110Z

Reserved: 2026-01-13T15:37:46.022Z

Link: CVE-2026-23475

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-03T16:16:35.440

Modified: 2026-05-20T15:14:29.237

Link: CVE-2026-23475

cve-icon Redhat

Severity : Low

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23475 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T17:45:36Z

Weaknesses