Impact
The spi:imx driver unbind routine frees the controller object and any driver‑allocated data before the driver has finished using that memory. This creates a use‑after‑free condition that can corrupt kernel memory, resulting in unpredictable kernel behavior, potential crashes, or in the worst case, a loss of control over the system if the corruption is leveraged by a privileged attacker. The flaw corresponds to CWE‑416 (Use‑After‑Free) and also exhibits characteristics of CWE‑911 (Resource Management Errors). The description does not indicate that code execution, privilege escalation, or remote exploitation is possible; the impact is limited to memory corruption within local context.
Affected Systems
All Linux kernel builds that include the spi:imx driver before the kernel commits referenced by the fix are affected. The commits cited in the advisory (for example commit 132e47030b0b5e398e0da6c59df5a5dae9b52cff and the associated pull requests) introduce the patch. Therefore, any kernel version that has not been updated to include these changes remains vulnerable.
Risk and Exploitability
The CVSS score of 7.8 reflects high severity. The EPSS score is <1% and the vulnerability is not listed in CISA KEV. Exploitation would likely require local or kernel‑privileged access to trigger the controller deregistration or force the driver to unbind, making it less attractive as a widely exploitable threat. While the risk remains elevated, the lack of publicly available exploits reduces the likelihood of immediate compromise in most environments.
OpenCVE Enrichment
Debian DLA
Ubuntu USN