Description
In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ti-adc161s626: use DMA-safe memory for spi_read()

Add a DMA-safe buffer and use it for spi_read() instead of a stack
memory. All SPI buffers must be DMA-safe.

Since we only need up to 3 bytes, we just use a u8[] instead of __be16
and __be32 and change the conversion functions appropriately.
Published: 2026-05-01
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer on the stack was used for SPI read operations in the TI ADC161S626 driver, which is not DMA‑safe and may allow DMA transfers to read or write outside the intended memory region. The fix replaces that stack buffer with a DMA‑safe u8[] buffer and adjusts conversion logic, preventing unauthorized kernel memory corruption. The weakness corresponds to improper input handling leading to buffer overflows (CWE‑120).

Affected Systems

Any Linux kernel build that includes the iio:adc:ti-adc161s626 driver before the patch is vulnerable. Systems running those kernel versions with the driver enabled for hardware that performs SPI reads are at risk.

Risk and Exploitability

Specific exploitation requires hardware access to trigger an SPI read under conditions that exploit the DMA‑unsafe buffer. The CVSS score of 7.8 places this vulnerability in the high‑severity range, and the EPSS score of <1% indicates exploitation is unlikely. The vulnerability is not listed in the CISA KEV catalog. If exploited, memory corruption could destabilize the system or expose sensitive data depending on which kernel region is overwritten.

Generated by OpenCVE AI on May 3, 2026 at 07:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version containing the DMA‑safe spi_read patch for the ti‑adc161s626 driver.
  • If a kernel upgrade is not feasible, apply the relevant patch from the commit logs that introduces the DMA‑safe buffer and rebuild the kernel so the corrected driver is used.
  • After updating, reboot the system or reload the driver to ensure the change takes effect.


Advisories
Source | ID | Title
Debian DLA | DLA-4561-1 | linux-6.1 security update
Debian DSA | DSA-6243-1 | linux security update
History

Sun, 03 May 2026 06:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Sat, 02 May 2026 00:15:00 +0000


Fri, 01 May 2026 14:45:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-adc161s626: use DMA-safe memory for spi_read() Add a DMA-safe buffer and use it for spi_read() instead of a stack memory. All SPI buffers must be DMA-safe. Since we only need up to 3 bytes, we just use a u8[] instead of __be16 and __be32 and change the conversion functions appropriately.
Title | | iio: adc: ti-adc161s626: use DMA-safe memory for spi_read()
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-03T05:45:49.425Z

Reserved: 2026-03-09T15:48:24.140Z

Link: CVE-2026-31768

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:39.977

Modified: 2026-05-03T07:16:20.197

Link: CVE-2026-31768

Redhat

Severity :

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31768 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-03T07:30:16Z
