Description
In the Linux kernel, the following vulnerability has been resolved:

iio: pressure: mprls0025pa: fix spi_transfer struct initialisation

Make sure that the spi_transfer struct is zeroed out before use.
Published: 2026-06-09
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The MPRLS0025PA driver in the Industrial I/O subsystem was found to use a spi_transfer structure without fully zero‑initializing it before use. The CVE report states that the fix ensures the struct is zeroed out prior to use. It is inferred that uninitialized fields could result in unintended data being transmitted over the SPI bus, potentially leading to driver instability or kernel memory corruption, although the exact impact is not explicitly stated in the description.

Affected Systems

All Linux kernel builds that include the MPRLS0025PA driver before the commit that applied this zero‑initialization fix are affected. The driver is part of the default kernel source, so any distribution shipping an unpatched kernel version is at risk. Both generic kernel images and custom configurations that enable this driver would be impacted.

Risk and Exploitability

The CVSS score is not publicly available and the EPSS data is not provided; KEV status is not listed. The likely attack vector requires local access to the SPI device and interaction with the driver, implying that an attacker would need local or privileged access. While no public exploit has been disclosed, the inferred potential for kernel memory corruption could allow a crash or privilege escalation if successfully triggered, resulting in a moderate to potentially high risk in environments where such local access is feasible.

Generated by OpenCVE AI on June 10, 2026 at 05:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the MPRLS0025PA driver fix that zero‑initializes the spi_transfer structure
  • If an upgrade cannot be applied immediately, disable the MPRLS0025PA driver or block access to the associated SPI device to prevent its use until patched
  • Monitor system logs for driver errors or anomalous SPI traffic and take corrective action such as rebooting or disabling the device if suspicious events occur

Generated by OpenCVE AI on June 10, 2026 at 05:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-457

Wed, 10 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-909
References

Tue, 09 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-457

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation Make sure that the spi_transfer struct is zeroed out before use.
Title iio: pressure: mprls0025pa: fix spi_transfer struct initialisation
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-09T12:25:53.893Z

Reserved: 2026-05-13T15:03:33.112Z

Link: CVE-2026-46326

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T14:16:42.300

Modified: 2026-06-09T14:16:42.300

Link: CVE-2026-46326

cve-icon Redhat

Severity :

Publid Date: 2026-06-09T00:00:00Z

Links: CVE-2026-46326 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T05:30:08Z

Weaknesses
  • CWE-909

    Missing Initialization of Resource