Description
In the Linux kernel, the following vulnerability has been resolved:

spi: topcliff-pch: fix use-after-free on unbind

Give the driver a chance to flush its queue before releasing the DMA
buffers on driver unbind
Published: 2026-06-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The kernel driver topcliff‑pch had a use‑after‑free bug that could trigger during the unbind operation. The bug allowed the driver to release DMA buffers before its internal queue had fully flushed, potentially leaving dangling pointers that a subsequent memory allocation could reuse. This race can corrupt kernel memory, leading to a crash or, in the worst case, potentially allowing local code execution with kernel privileges; the extent of this consequence is inferred from the nature of the fault.

Affected Systems

The flaw exists in the Linux kernel’s topcliff‑pch driver. Any kernel version that includes this driver and does not contain the fix is vulnerable. The specific kernel release dates are not stated, so all current kernels missing the patch are affected until the update is applied.

Risk and Exploitability

The CVSS score is not supplied and the EPSS score is unavailable, so the numerical risk cannot be quantified. Because the vulnerability is triggered during driver unbind, it likely requires privileged access to perform the operation, a conclusion inferred from the need for driver management privileges. No public exploits are listed and the issue is not in the CISA KEV catalog. Nevertheless, the bug can lead to denial of service or privilege escalation if an attacker gains sufficient local access; this possibility is inferred from the potential kernel memory corruption.

Generated by OpenCVE AI on June 9, 2026 at 03:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the topcliff‑pch fix
  • Restart the system for the updated kernel to take effect
  • If immediate kernel upgrade is not possible, disable the topcliff‑pch driver using modprobe -r or by preventing unbind until the patch is deployed

Generated by OpenCVE AI on June 9, 2026 at 03:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Tue, 09 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References

Mon, 08 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Mon, 08 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on unbind Give the driver a chance to flush its queue before releasing the DMA buffers on driver unbind
Title spi: topcliff-pch: fix use-after-free on unbind
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-08T15:46:28.004Z

Reserved: 2026-05-13T15:03:33.111Z

Link: CVE-2026-46301

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T17:16:48.560

Modified: 2026-06-08T17:16:48.560

Link: CVE-2026-46301

cve-icon Redhat

Severity :

Publid Date: 2026-06-08T00:00:00Z

Links: CVE-2026-46301 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T03:45:26Z

Weaknesses