Description
In the Linux kernel, the following vulnerability has been resolved:

spi: s3c64xx: fix NULL-deref on driver unbind

A change moving DMA channel allocation from probe() back to
s3c64xx_spi_prepare_transfer() failed to remove the corresponding
deallocation from remove().

Drop the bogus DMA channel release from remove() to avoid triggering a
NULL-pointer dereference on driver unbind.

This issue was flagged by Sashiko when reviewing a controller
deregistration fix.
Published: 2026-06-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves a null pointer dereference that is triggered when the SPI driver for s3c64xx devices is unbound. This defect can cause the kernel to crash, leading to a denial‑of‑service condition and loss of system availability.

Affected Systems

All Linux kernel builds that include the s3c64xx SPI driver before the commit that removes the bogus DMA channel release are affected. Distributions running these kernel versions without the patch are at risk. Kernels incorporating the change no longer contain the flaw.

Risk and Exploitability

Because the flaw is exercised during driver unbind, an attacker who can load or unload the module – a privileged user – could intentionally cause a crash. No EPSS value is reported, and the vulnerability is not listed in the CISA KEV catalog, indicating no known exploitation in the wild. Nonetheless, the potential for a kernel crash justifies immediate attention.

Generated by OpenCVE AI on June 8, 2026 at 18:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the s3c64xx driver patch (commit 1108b8722b9ff0cdd3e8aa18d98244fcd93b6760 or later).
  • If a kernel upgrade cannot be performed immediately, disable or remove the affected s3c64xx SPI driver to avoid unbind operations that could trigger the bug.
  • Monitor system logs for driver unbind events and kernel panic messages, and plan for timely kernel remediation.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:00:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-476

Mon, 08 Jun 2026 17:00:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: spi: s3c64xx: fix NULL-deref on driver unbind A change moving DMA channel allocation from probe() back to s3c64xx_spi_prepare_transfer() failed to remove the corresponding deallocation from remove(). Drop the bogus DMA channel release from remove() to avoid triggering a NULL-pointer dereference on driver unbind. This issue was flagged by Sashiko when reviewing a controller deregistration fix.
Title | | spi: s3c64xx: fix NULL-deref on driver unbind
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-08T15:46:23.539Z

Reserved: 2026-05-13T15:03:33.110Z

Link: CVE-2026-46296

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T17:16:48.037

Modified: 2026-06-08T17:16:48.037

Link: CVE-2026-46296

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T19:15:30Z

Weaknesses