Description
In the Linux kernel, the following vulnerability has been resolved:

spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations

The core will deal with reads by creating clock cycles itself, there's
no need to generate clock cycles by transmitting garbage data at the
driver level. Further, transmitting garbage data just bricks the transfer
since QSPI doesn't have a dedicated master-out line like MOSI in regular
SPI. I'm not entirely sure if the transfer is bricked because of the
garbage data being transmitted on the bus or because the core loses
track of whether it is supposed to be sending or receiving data.
Published: 2026-05-28
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The microchip‑core‑qspi driver in the Linux kernel mistakenly initiates data transmission while performing read‑only dual/quad operations. Because QSPI lacks a dedicated master‑out line, this erroneous transmission corrupts the clock sequence and can completely halt the transaction, effectively bricking the peripheral bus. The flaw does not expose data or grant additional privileges; its impact is limited to availability of the QSPI interface.

Affected Systems

Any Linux kernel build that contains the unmodified microchip‑core‑qspi driver is affected. The vulnerability is confined to the QSPI subsystem, so only QSPI devices and drivers that rely on the core‑qspi module are at risk. Distribution‑specific kernel versions that shipped unpatched are vulnerable, but no specific vendor or product versions are listed in this advisory.

Risk and Exploitability

Exploitation of the flaw appears to require local kernel execution or privileged access to trigger the faulty transaction. The EPSS score of less than 1% indicates a very low probability of real‑world exploitation, and the vulnerability is not catalogued in CISA’s KEV. Nonetheless, repeated bricking of QSPI transfers can severely disrupt systems that depend on these devices, making the defect a moderate availability risk within affected environments, as reflected by the CVSS score of 5.5.

Generated by OpenCVE AI on June 11, 2026 at 07:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that incorporates the upstream fix for the microchip‑core‑qspi driver, which corrects the logic that incorrectly generates transmission cycles (CWE‑372).
  • Configure the kernel to disable or remove the microchip‑core‑qspi module if read‑only dual/quad operations are not required, thereby eliminating the risky code path that causes the buffer misuse.
  • Continuously monitor system logs for QSPI transaction failures and consider temporarily disabling QSPI devices or rebooting the system to reset the bus until a patched kernel is installed.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Thu, 11 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Fri, 29 May 2026 00:15:00 +0000


Thu, 28 May 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage data at the driver level. Further, transmitting garbage data just bricks the transfer since QSPI doesn't have a dedicated master-out line like MOSI in regular SPI. I'm not entirely sure if the transfer is bricked because of the garbage data being transmitted on the bus or because the core loses track of whether it is supposed to be sending or receiving data.
Title spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:01:35.461Z

Reserved: 2026-05-13T15:03:33.104Z

Link: CVE-2026-46192

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-28T10:16:34.837

Modified: 2026-06-11T03:11:02.670

Link: CVE-2026-46192

Red Hat

Severity:

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46192 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-11T07:30:08Z

Weaknesses