Description
In the Linux kernel, the following vulnerability has been resolved:

spi: mpc52xx: fix controller deregistration

Make sure to deregister the controller before disabling and releasing
underlying resources like interrupts and gpios during driver unbind.
Published: 2026-05-28
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE identifies that the Linux kernel’s spi/mpc52xx driver deregisters the controller after disabling and releasing resources such as interrupts and GPIOs during the driver unbind process. This ordering can leave dangling references to freed memory or improper cleanup of hardware resources, which may manifest as kernel instability or malfunctioning SPI operations.

Affected Systems

Any Linux kernel that includes the spi/mpc52xx driver is affected. Specific kernel version ranges are not provided in the advisory, so the issue may exist in multiple releases prior to the applied fix.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity. The EPSS score of less than 1% suggests a very low but non‑zero likelihood of exploitation, and the vulnerability is not listed in CISA KEV. The CVE description does not specify an attack vector or privilege requirement; therefore, it is unknown whether an attacker could exploit this flaw without elevated privileges or how the flaw might be abused.

Generated by OpenCVE AI on June 10, 2026 at 19:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that includes the commit applying the fix for the spi/mpc52xx driver
  • If an update is not immediately feasible, manually apply the changes from the referenced commit to the running kernel source or to a custom kernel build
  • Ensure that the spi/mpc52xx driver is not loaded on systems that have not yet been upgraded to the patched kernel version

Generated by OpenCVE AI on June 10, 2026 at 19:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Fri, 29 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-459
References

Thu, 28 May 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix controller deregistration Make sure to deregister the controller before disabling and releasing underlying resources like interrupts and gpios during driver unbind.
Title spi: mpc52xx: fix controller deregistration
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:02:14.695Z

Reserved: 2026-05-13T15:03:33.104Z

Link: CVE-2026-46200

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T10:16:35.677

Modified: 2026-06-10T17:14:37.060

Link: CVE-2026-46200

cve-icon Redhat

Severity :

Publid Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46200 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T20:00:16Z

Weaknesses