CVE-2026-46282 - Vulnerability Details

- iio: frequency: admv1013: fix NULL pointer dereference on str

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: frequency: admv1013: fix NULL pointer dereference on str

When device_property_read_string() fails, str is left uninitialized
but the code falls through to strcmp(str, ...), dereferencing a garbage
pointer. Replace manual read/strcmp with
device_property_match_property_string() and consolidate the SE mode
enums into a single sequential enum, mapping to hardware register
values via a switch consistent with other bitfields in the driver.

Several cleanup patches have been applied to this driver recently so
this will need a manual backport.

Published: 2026-06-08

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The kernel driver for the admv1013 IIO device performs a string comparison on a pointer that may not be initialized. When device_property_read_string() fails, the pointer remains unset and the code falls through to a strcmp call, resulting in a NULL or garbage pointer dereference and a kernel fault that brings the system down.

Affected Systems

All Linux kernels that include the admv1013 driver are potentially vulnerable. The product identifier lists the Linux kernel generically, and no specific version range is provided. Patches referenced in the advisory are recent, so any kernel that has not incorporated these fixes—whether from newer releases or custom builds—may still contain the flaw.

Risk and Exploitability

The flaw leads to denial of service through a kernel crash. Local access to the admv1013 device is required to trigger the fault, as the issue arises during a device property read operation. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog. Because the fault is a straightforward pointer dereference in privileged kernel code, the risk of exploitation is considered moderate to high when an attacker can interact with the device. The likely attack vector is local interaction with the admv1013 driver, inferred from the description of the fault being triggered during a property read. No public exploitation kit has been reported.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`da35a7b526d9b258a2cb8b7816f736a41b32176b`	affected	< 3a9d8ec2051c2d80158ed7bded5e158c42870037
`da35a7b526d9b258a2cb8b7816f736a41b32176b`	affected	< 5e9f1bad26df3d3afb3cbbfa408b6d6e809708ac
`da35a7b526d9b258a2cb8b7816f736a41b32176b`	affected	< 2dc8d26690bf4e7226409563221c37bc095c94ff
`da35a7b526d9b258a2cb8b7816f736a41b32176b`	affected	< aac0a51b16700b403a55b67ba495de021db78763

Linux

affected

Version	Status	Constraints
`5.17`	affected	—
`0`	unaffected	< 5.17
`6.12.86`	unaffected	≤ 6.12.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[da35a7b526d9b258a2cb8b7816f736a41b32176b,3a9d8ec2051c2d80158ed7bded5e158c42870037)`	affected	code_commit	—
`[da35a7b526d9b258a2cb8b7816f736a41b32176b,5e9f1bad26df3d3afb3cbbfa408b6d6e809708ac)`	affected	code_commit	—
`[da35a7b526d9b258a2cb8b7816f736a41b32176b,2dc8d26690bf4e7226409563221c37bc095c94ff)`	affected	code_commit	—
`[da35a7b526d9b258a2cb8b7816f736a41b32176b,aac0a51b16700b403a55b67ba495de021db78763)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.17`	affected	generic	—
`[0,5.17)`	unaffected	generic	—
`[6.12.86,6.13.0)`	unaffected	semver	—
`[6.18.27,6.19.0)`	unaffected	semver	—
`[7.0.4,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the backported patch that replaces the unsafe string handling with device_property_match_property_string() and corrects enum handling.
Upgrade the Linux kernel to a version that includes the fixed admv1013 driver.
If the admv1013 device is not required, disable or unload the driver to eliminate the vulnerable code path.

Generated by OpenCVE AI on June 8, 2026 at 19:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2dc8d26690bf4e7226409563221c37bc095c94ff
https://git.kernel.org/stable/c/3a9d8ec2051c2d80158ed7bded5e158c42870037
https://git.kernel.org/stable/c/5e9f1bad26df3d3afb3cbbfa408b6d6e809708ac
https://git.kernel.org/stable/c/aac0a51b16700b403a55b67ba495de021db78763
https://lore.kernel.org/linux-cve-announce/2026060842-CVE-2026-46282-f087@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46282
https://www.cve.org/CVERecord?id=CVE-2026-46282

History

Tue, 09 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-824
References		https://lore.kernel.org/linux-cve-announce/2026060842-CVE-2026-46282-f087@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46282 https://www.cve.org/CVERecord?id=CVE-2026-46282

Mon, 08 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Mon, 08 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When device_property_read_string() fails, str is left uninitialized but the code falls through to strcmp(str, ...), dereferencing a garbage pointer. Replace manual read/strcmp with device_property_match_property_string() and consolidate the SE mode enums into a single sequential enum, mapping to hardware register values via a switch consistent with other bitfields in the driver. Several cleanup patches have been applied to this driver recently so this will need a manual backport.
Title		iio: frequency: admv1013: fix NULL pointer dereference on str
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2dc8d26690bf4e7226409563221c37bc095c94ff https://git.kernel.org/stable/c/3a9d8ec2051c2d80158ed7bded5e158c42870037 https://git.kernel.org/stable/c/5e9f1bad26df3d3afb3cbbfa408b6d6e809708ac https://git.kernel.org/stable/c/aac0a51b16700b403a55b67ba495de021db78763

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-08T15:41:25.273Z

Updated: 2026-06-08T15:41:25.273Z

Reserved: 2026-05-13T15:03:33.110Z

Link: CVE-2026-46282

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-08T17:16:45.940

Modified: 2026-06-08T17:16:45.940

Link: CVE-2026-46282

Redhat

Severity :

Publid Date: 2026-06-08T00:00:00Z

Links: CVE-2026-46282 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-08T19:15:30Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object