CVE-2026-31768 - Vulnerability Details

- iio: adc: ti-adc161s626: use DMA-safe memory for spi_read()

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ti-adc161s626: use DMA-safe memory for spi_read()

Add a DMA-safe buffer and use it for spi_read() instead of a stack
memory. All SPI buffers must be DMA-safe.

Since we only need up to 3 bytes, we just use a u8[] instead of __be16
and __be32 and change the conversion functions appropriately.

Published: 2026-05-01

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The iio:adc:ti-adc161s626 driver in the Linux kernel used a stack buffer for its spi_read() operation, which is not DMA‑safe. During an SPI DMA transfer, this can cause data to be written to or read from memory locations outside the intended region, providing an opportunity for kernel memory corruption. The applied patch replaces the unsafe stack buffer with a DMA‑safe u8[] buffer and adjusts conversion logic to prevent the out‑of‑bounds access, addressing the buffer overflow weakness (CWE‑120).

Affected Systems

Any Linux kernel build that includes the ti‑adc161s626 driver before the patch is released, particularly systems that enable the driver for hardware that performs SPI reads.

Risk and Exploitability

The CVSS score of 7.8 places this vulnerability in the high‑severity category, and the EPSS score of <1% indicates that exploitation is unlikely in the current environment. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a local or physically present attacker able to trigger the spi_read operation, as the handler runs in kernel space; based on the description, it is inferred that such an attacker could create or accelerate a DMA transfer that exploits the unsafe buffer, potentially leading to kernel memory corruption, system instability, or privileged escalation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4d671b71beefbfc145b971a11e0c3cabde94b673`	affected	< b3bb8faeca1a2ef7be95ee8a512b639f9ffce947
`4d671b71beefbfc145b971a11e0c3cabde94b673`	affected	< fa64aab25aba47296aa8d12bb4c88ec3fecb2054
`4d671b71beefbfc145b971a11e0c3cabde94b673`	affected	< 67b3a91bdc48220bfb67155ab528121b9c822782
`4d671b71beefbfc145b971a11e0c3cabde94b673`	affected	< 014c6d27878d3883f7bb065610768fd021de1a96
`4d671b71beefbfc145b971a11e0c3cabde94b673`	affected	< d2d031b0786ea66ab0577c9d2d71435068d32199
`4d671b71beefbfc145b971a11e0c3cabde94b673`	affected	< 768461517a28d80fe81ea4d5d03a90cd184ea6ad

Linux

affected

Version	Status	Constraints
`4.9`	affected	—
`0`	unaffected	< 4.9
`6.1.168`	unaffected	≤ 6.1.*
`6.6.134`	unaffected	≤ 6.6.*
`6.12.81`	unaffected	≤ 6.12.*
`6.18.22`	unaffected	≤ 6.18.*
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[4d671b71beefbfc145b971a11e0c3cabde94b673,b3bb8faeca1a2ef7be95ee8a512b639f9ffce947)`	affected	code_commit	—
`[4d671b71beefbfc145b971a11e0c3cabde94b673,d2d031b0786ea66ab0577c9d2d71435068d32199)`	affected	code_commit	—
`[4d671b71beefbfc145b971a11e0c3cabde94b673,fa64aab25aba47296aa8d12bb4c88ec3fecb2054)`	affected	code_commit	—
`[4d671b71beefbfc145b971a11e0c3cabde94b673,67b3a91bdc48220bfb67155ab528121b9c822782)`	affected	code_commit	—
`[4d671b71beefbfc145b971a11e0c3cabde94b673,014c6d27878d3883f7bb065610768fd021de1a96)`	affected	code_commit	—
`[4d671b71beefbfc145b971a11e0c3cabde94b673,768461517a28d80fe81ea4d5d03a90cd184ea6ad)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.9`	affected	generic	—
`[0,4.9)`	unaffected	generic	—
`[6.1.168,6.2.0)`	unaffected	generic	—
`[6.6.134,6.7.0)`	unaffected	generic	—
`[6.12.81,6.13.0)`	unaffected	generic	—
`[6.18.22,6.19.0)`	unaffected	generic	—
`[6.19.12,6.20.0)`	unaffected	generic	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the DMA‑safe spi_read patch for the ti‑adc161s626 driver.
If a kernel upgrade is not feasible, apply the relevant patch from the commit logs that introduce the DMA‑safe buffer and rebuild the kernel so the corrected driver is used.
Reload the driver or reboot the system to ensure the changes take effect.
Restrict physical access to devices using the TI ADC161S626 or disable the SPI interface when not needed.

Generated by OpenCVE AI on May 11, 2026 at 20:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4561-1	linux-6.1 security update
Debian DSA	DSA-6243-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/014c6d27878d3883f7bb065610768fd021de1a96
https://git.kernel.org/stable/c/67b3a91bdc48220bfb67155ab528121b9c822782
https://git.kernel.org/stable/c/768461517a28d80fe81ea4d5d03a90cd184ea6ad
https://git.kernel.org/stable/c/b3bb8faeca1a2ef7be95ee8a512b639f9ffce947
https://git.kernel.org/stable/c/d2d031b0786ea66ab0577c9d2d71435068d32199
https://git.kernel.org/stable/c/fa64aab25aba47296aa8d12bb4c88ec3fecb2054
https://lore.kernel.org/linux-cve-announce/2026050147-CVE-2026-31768-6fbc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31768
https://www.cve.org/CVERecord?id=CVE-2026-31768

History

Mon, 11 May 2026 18:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::

Sun, 03 May 2026 06:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Sat, 02 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-120
References		https://lore.kernel.org/linux-cve-announce/2026050147-CVE-2026-31768-6fbc@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31768 https://www.cve.org/CVERecord?id=CVE-2026-31768

Fri, 01 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-adc161s626: use DMA-safe memory for spi_read() Add a DMA-safe buffer and use it for spi_read() instead of a stack memory. All SPI buffers must be DMA-safe. Since we only need up to 3 bytes, we just use a u8[] instead of __be16 and __be32 and change the conversion functions appropriately.
Title		iio: adc: ti-adc161s626: use DMA-safe memory for spi_read()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/014c6d27878d3883f7bb065610768fd021de1a96 https://git.kernel.org/stable/c/67b3a91bdc48220bfb67155ab528121b9c822782 https://git.kernel.org/stable/c/768461517a28d80fe81ea4d5d03a90cd184ea6ad https://git.kernel.org/stable/c/b3bb8faeca1a2ef7be95ee8a512b639f9ffce947 https://git.kernel.org/stable/c/d2d031b0786ea66ab0577c9d2d71435068d32199 https://git.kernel.org/stable/c/fa64aab25aba47296aa8d12bb4c88ec3fecb2054

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-01T14:14:57.971Z

Updated: 2026-05-11T22:15:26.264Z

Reserved: 2026-03-09T15:48:24.140Z

Link: CVE-2026-31768

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-01T15:16:39.977

Modified: 2026-05-11T17:54:28.360

Link: CVE-2026-31768

Redhat

Severity :

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31768 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-11T20:15:09Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object