Description
In the Linux kernel, the following vulnerability has been resolved:

spi: cadence-quadspi: fix unclocked access on unbind

Make sure that the controller is runtime resumed before disabling it
during driver unbind to avoid an unclocked register access.

This issue was flagged by Sashiko when reviewing a controller
deregistration fix.
Published: 2026-05-28
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The cadence-quadspi driver can access hardware registers while the controller clock is disabled during the unbind process. This unclocked register access can trigger a fault within the kernel and lead to a crash. The flaw does not allow arbitrary code execution or remote exploitation, but it can cause a denial of service for users who have local privileged access. The weakness arises from a missing precondition check before disabling the controller.

Affected Systems

All Linux kernel builds that contain the cadence-quadspi driver are affected. Platforms that use Cadence QuadSPI controllers may also be impacted; the specific SoC families are inferred from typical deployments and not explicitly stated in the CVE data. Kernels that lack the recent commit that guarantees the controller is runtime resumed before it is powered down during unbind are vulnerable.

Risk and Exploitability

The CVSS score is 7.1, the EPSS probability is below 1%, and the vulnerability is not listed in CISA KEV. Exploitation requires the ability to unbind the driver, which is normally limited to root or kernel module execution, so the issue is mainly local and confined to availability rather than confidentiality or integrity. No widespread exploitation has been reported.

Generated by OpenCVE AI on June 10, 2026 at 19:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that contains the cadence‑quadspi commit that restores runtime resume before disabling the controller, thereby addressing the buffer read‑outside‑bounds issue (CWE‑125) and the use of an invalidated resource (CWE‑826).
  • If an immediate kernel upgrade is not possible, ensure that any driver removal sequence performs a resume before the de‑initialization path; avoid accessing registers with the clock disabled to mitigate the buffer over‑read and invalidated resource risks.
  • Continuously monitor kernel logs for evidence of unclocked access faults (e.g., “unclocked register access” messages); if a crash occurs, consider rebooting or disabling the device until a patched kernel is available.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CPEs cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}


Fri, 29 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-826
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Thu, 28 May 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: fix unclocked access on unbind Make sure that the controller is runtime resumed before disabling it during driver unbind to avoid an unclocked register access. This issue was flagged by Sashiko when reviewing a controller deregistration fix.
Title spi: cadence-quadspi: fix unclocked access on unbind
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:02:28.442Z

Reserved: 2026-05-13T15:03:33.104Z

Link: CVE-2026-46203

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-28T10:16:35.960

Modified: 2026-06-10T16:55:57.357

Link: CVE-2026-46203

Red Hat

Severity: Low

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46203 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T19:30:37Z

Weaknesses
  • CWE-125

    Out-of-bounds Read

  • CWE-826

    Premature Release of Resource During Expected Lifetime