Description
In the Linux kernel, the following vulnerability has been resolved:

spi: imx: fix use-after-free on unbind

The SPI subsystem frees the controller and any subsystem allocated
driver data as part of deregistration (unless the allocation is device
managed).

Take another reference before deregistering the controller so that the
driver data is not freed until the driver is done with it.
Published: 2026-05-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During driver unbind, the SPI core frees the controller object and any subsystem-allocated driver data as part of deregistration, before the spi-imx driver has finished using that memory. This creates a use-after-free condition that can corrupt kernel memory, resulting in unpredictable kernel behavior, potential crashes, or, in the worst case, a loss of control over the system if the corruption is leveraged by a privileged attacker. The description does not indicate that code execution, privilege escalation, or remote exploitation is possible; the impact is limited to memory corruption in a local context.

Affected Systems

All Linux kernel builds that include the spi-imx driver and predate the fix commits are affected. The commits cited in the advisory (for example commit 132e47030b0b5e398e0da6c59df5a5dae9b52cff and the associated pull requests) introduce the patch, so any kernel version that has not been updated to include these changes remains vulnerable.

Risk and Exploitability

The CVSS score of 5.5 reflects moderate severity. No EPSS score is available and the vulnerability is not listed in CISA KEV. Exploitation would likely require local or kernel-privileged access to trigger the controller deregistration or force the driver to unbind, making it less attractive as a widely exploitable threat. While the risk is moderate, the lack of publicly available exploits reduces the likelihood of immediate compromise in most environments.

Generated by OpenCVE AI on May 28, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the spi-imx use-after-free fix committed in the advisory changesets.
  • If a kernel upgrade is not currently feasible, disable or unload the spi-imx driver or physically remove the device to prevent the unbind routine from executing on the vulnerable code path.
  • After applying the update or disabling the driver, reboot the system or reload the kernel module to ensure the corrected behavior is active and the use-after-free path is no longer exercised.

Generated by OpenCVE AI on May 28, 2026 at 03:50 UTC.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 13:45:00 +0000

Weaknesses
  Values removed: (none)
  Values added: CWE-416
Metrics
  Values removed: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
  Values added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Thu, 28 May 2026 00:15:00 +0000

Weaknesses
  Values removed: (none)
  Values added: CWE-911
References
  Values added: (not shown)
Metrics
  Values removed: threat_severity None
  Values added: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}; threat_severity Moderate


Wed, 27 May 2026 14:15:00 +0000

Description
  Values added: In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration (unless the allocation is device managed). Take another reference before deregistering the controller so that the driver data is not freed until the driver is done with it.
Title
  Values added: spi: imx: fix use-after-free on unbind
First Time appeared
  Values added: Linux; Linux linux Kernel
CPEs
  Values added: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products
  Values added: Linux; Linux linux Kernel
References
  Values added: (not shown)

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:47:00.884Z

Reserved: 2026-05-13T15:03:33.091Z

Link: CVE-2026-45996

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-27T14:17:17.180

Modified: 2026-06-16T13:44:45.407

Link: CVE-2026-45996

Red Hat

Severity : Moderate

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45996 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T04:00:10Z

Weaknesses