CVE-2026-43356 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: imu: adis: Fix NULL pointer dereference in adis_init

The adis_init() function dereferences adis->ops to check if the
individual function pointers (write, read, reset) are NULL, but does
not first check if adis->ops itself is NULL.

Drivers like adis16480, adis16490, adis16545 and others do not set
custom ops and rely on adis_init() assigning the defaults. Since struct
adis is zero-initialized by devm_iio_device_alloc(), adis->ops is NULL
when adis_init() is called, causing a NULL pointer dereference:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
pc : adis_init+0xc0/0x118
Call trace:
adis_init+0xc0/0x118
adis16480_probe+0xe0/0x670

Fix this by checking if adis->ops is NULL before dereferencing it,
falling through to assign the default ops in that case.

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from a NULL pointer dereference in the adis driver initialization routine. When the driver ifad itialises, it assumes that an operation structure is present and immediately dereferences it to inspect function pointers. If the ops pointer is null—as is the case when the driver has not yet provided custom operations—a kernel panic occurs. This expands the impact to a complete loss of kernel stability, effectively denying service to the affected host. The weakness is a classic Null Pointer Dereference.

Affected Systems

All Linux kernel installations that include the IIO IMU drivers for ADIS devices such as adis16480, adis16490, adis16545, and related sensors are affected. The flaw exists in any kernel that incorporates these drivers without the recent patch, regardless of distribution or vendor kernel version. The precise range of affected kernel versions is not specified in the advisory, but any build compiled with the unpatched code is vulnerable.

Risk and Exploitability

The exploit path requires access to the device driver subsystem, which generally implies local or privileged access to the machine. No public exploits or vulnerability exploitation guide are known, and the EPSS score is not available, so the likelihood of an attacker successfully leveraging this flaw is uncertain. The issue is not listed in the CISA Known Exploited Vulnerabilities catalog. Nonetheless, the kernel crash could be triggered by a malicious device or software component that interacts with the ADIS sensors, so the risk remains significant for systems that rely on persistent availability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4`	affected	< ba19dd366528b961430f5195c2e382420703074f
`3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4`	affected	< 1a48f94c63a078e7b6a2e59a637fc0858dc6510c
`3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4`	affected	< 9990cd4f8827bd1ae3fb6eb7407630d8d463c430

Linux

affected

Version	Status	Constraints
`6.15`	affected	—
`0`	unaffected	< 6.15
`6.18.19`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4,ba19dd366528b961430f5195c2e382420703074f)`	affected	code_commit	—
`[3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4,1a48f94c63a078e7b6a2e59a637fc0858dc6510c)`	affected	code_commit	—
`[3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4,9990cd4f8827bd1ae3fb6eb7407630d8d463c430)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.15`	affected	generic	—
`[0,6.15)`	unaffected	generic	—
`[6.18.19,6.19.0)`	unaffected	semver	—
`[6.19.9,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the kernel to a version containing the adis NULL pointer dereference fix, or apply the specific commit that adds the NULL check to adis_init; obtain the patch from the commit referenced in the advisory links.
Rebuild or reinstall the affected IIO drivers using the patched source so that the default operation structure is correctly assigned.
Temporarily blacklist or unload the adis kernel modules until the kernel is updated to avoid panic if the sensor is present.

Generated by OpenCVE AI on May 8, 2026 at 18:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1a48f94c63a078e7b6a2e59a637fc0858dc6510c
https://git.kernel.org/stable/c/9990cd4f8827bd1ae3fb6eb7407630d8d463c430
https://git.kernel.org/stable/c/ba19dd366528b961430f5195c2e382420703074f

History

Fri, 08 May 2026 18:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init The adis_init() function dereferences adis->ops to check if the individual function pointers (write, read, reset) are NULL, but does not first check if adis->ops itself is NULL. Drivers like adis16480, adis16490, adis16545 and others do not set custom ops and rely on adis_init() assigning the defaults. Since struct adis is zero-initialized by devm_iio_device_alloc(), adis->ops is NULL when adis_init() is called, causing a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : adis_init+0xc0/0x118 Call trace: adis_init+0xc0/0x118 adis16480_probe+0xe0/0x670 Fix this by checking if adis->ops is NULL before dereferencing it, falling through to assign the default ops in that case.
Title		iio: imu: adis: Fix NULL pointer dereference in adis_init
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1a48f94c63a078e7b6a2e59a637fc0858dc6510c https://git.kernel.org/stable/c/9990cd4f8827bd1ae3fb6eb7407630d8d463c430 https://git.kernel.org/stable/c/ba19dd366528b961430f5195c2e382420703074f

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:12.373Z

Updated: 2026-05-08T14:21:12.373Z

Reserved: 2026-05-01T14:12:56.005Z

Link: CVE-2026-43356

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:46.367

Modified: 2026-05-08T15:16:46.367

Link: CVE-2026-43356

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T18:30:06Z

Weaknesses

CWE-476

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object