Description
In the Linux kernel, the following vulnerability has been resolved:

spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe()

platform_get_resource_byname() can return NULL, which would cause a crash
when passed the pointer to resource_size().

Move the fiu->memory_size assignment after the error check for
devm_ioremap_resource() to prevent the potential NULL pointer dereference.
Published: 2026-06-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the wpcm_fiu_probe() function of the Linux kernel’s SPI subsystem, where the code may dereference a NULL pointer returned by platform_get_resource_byname(). This null dereference leads to a kernel crash and consequently a system reboot or unresponsive state, resulting in a denial of service. The weakness is a classic pointer dereference without null check (CWE‑476).

Affected Systems

Linux kernel distributions that include the WPCM‑FIU SPI driver are affected. No specific kernel version information is provided, so any kernel containing the unpatched wpcm_fiu_probe() code is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity. The EPSS score is <1% and the issue is not listed in the CISA KEV catalog, indicating that it is not a known widely exploited vulnerability at this time. Based on the description, it is inferred that an attacker who has local or privileged access could load or configure the WPCM‑FIU driver (for example during boot or by executing modprobe) to trigger the crash. The likely attack vector therefore involves local kernel module manipulation. The lack of a public exploit and the requirement for kernel module control suggest a moderate risk, but the severity of a kernel crash warrants taking action even if exploitation probability is low.

Generated by OpenCVE AI on June 9, 2026 at 23:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Linux kernel patch that removes the NULL pointer dereference in wpcm_fiu_probe()
  • Restart the system to boot into the updated kernel
  • If the update is not immediately possible, disable or avoid loading the WPCM‑FIU SPI driver (e.g., set 'module_wpcm_fiu=0' in the boot configuration or remove the device handle)

Generated by OpenCVE AI on June 9, 2026 at 23:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Fri, 05 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References

Wed, 03 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which would cause a crash when passed the pointer to resource_size(). Move the fiu->memory_size assignment after the error check for devm_ioremap_resource() to prevent the potential NULL pointer dereference.
Title spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-03T15:49:58.684Z

Reserved: 2026-05-13T15:03:33.108Z

Link: CVE-2026-46261

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-06-03T18:16:27.330

Modified: 2026-06-09T20:03:17.883

Link: CVE-2026-46261

cve-icon Redhat

Severity :

Publid Date: 2026-06-03T00:00:00Z

Links: CVE-2026-46261 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:45:15Z

Weaknesses