Description
In the Linux kernel, the following vulnerability has been resolved:

spi: imx: fix use-after-free on unbind

The SPI subsystem frees the controller and any subsystem allocated
driver data as part of deregistration (unless the allocation is device
managed).

Take another reference before deregistering the controller so that the
driver data is not freed until the driver is done with it.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability occurs when the SPI subsystem unbinds a device, freeing the controller and associated driver data before the driver has finished using it. This causes a use‑after‑free condition that can corrupt memory and provide a foothold for arbitrary code execution.
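The ordering problem described above, as an added userspace model in C (not the kernel's or the driver's code). The names `ctlr_get`, `ctlr_put`, `ctlr_unregister` and `teardown` are hypothetical, and a `freed` flag stands in for the real free so the stale access can be detected safely.

```c
#include <stdio.h>

/* Model of a controller whose driver data lives in the same allocation. */
struct ctlr {
    int refs;        /* references held on the controller */
    int freed;       /* set when the last reference is dropped (stands in for kfree) */
    int clk_enabled; /* driver data stored inside the controller allocation */
};

static void ctlr_get(struct ctlr *c) { c->refs++; }

static void ctlr_put(struct ctlr *c)
{
    if (--c->refs == 0)
        c->freed = 1; /* controller and its driver data are released here */
}

/* Deregistration drops the reference taken when the controller was allocated. */
static void ctlr_unregister(struct ctlr *c) { ctlr_put(c); }

/* Driver teardown that still needs driver data; returns 1 on a stale access. */
static int teardown(struct ctlr *c)
{
    int stale = c->freed;
    if (!stale)
        c->clk_enabled = 0; /* safe: the allocation is still alive */
    return stale;
}

/* Unpatched order: deregister first, then use driver data. */
static int remove_unpatched(struct ctlr *c)
{
    ctlr_unregister(c);
    return teardown(c);
}

/* Patched order: hold an extra reference across deregistration. */
static int remove_patched(struct ctlr *c)
{
    int stale;
    ctlr_get(c);
    ctlr_unregister(c);
    stale = teardown(c);
    ctlr_put(c); /* last reference dropped only after the driver is done */
    return stale;
}

int main(void)
{
    struct ctlr a = { 1, 0, 1 }, b = { 1, 0, 1 };
    printf("unpatched stale access: %d\n", remove_unpatched(&a));
    printf("patched stale access: %d\n", remove_patched(&b));
    return 0;
}
```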

Affected Systems

All Linux kernel installations that include the spi:imx driver are affected until the fix described in the referenced commits is applied. Specific kernel versions are not enumerated in the data, so any build predating the patch is considered vulnerable.

Risk and Exploitability

Use‑after‑free flaws are generally considered a high‑severity issue; the CVSS score is not provided, and EPSS is unavailable, but the absence of a KEV listing does not diminish the inherent risk. An attacker with local or kernel‑privileged access, or one able to trigger driver unbinding, could exploit the flaw to corrupt memory and potentially gain elevated privileges. The lack of a listed exploit in exploitation databases only indicates that a public exploit has not been reported yet, not that the vulnerability is less dangerous.

Generated by OpenCVE AI on May 27, 2026 at 17:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the patch (see the referenced commit logs).
  • Once updated, reload the spi:imx driver or reboot to ensure the unbind path is exercised with the new code.
  • If an immediate kernel upgrade is not possible, disable the spi:imx driver or prevent the unbind operation by removing the device from the system.

Advisories

No advisories yet.

History

Wed, 27 May 2026 14:15:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration (unless the allocation is device managed). Take another reference before deregistering the controller so that the driver data is not freed until the driver is done with it.
Title | | spi: imx: fix use-after-free on unbind
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:55:50.195Z

Reserved: 2026-05-13T15:03:33.091Z

Link: CVE-2026-45996

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:17.180

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45996

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T17:15:38Z

Weaknesses

No weakness.