spi: fix statistics allocation

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2026-23475
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-04-03 16:16:35 UTC
Updated2026-04-03 16:16:35 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a NULL-pointer dereference. Fix this by moving the statistics allocation to controller allocation while tying its lifetime to that of the controller (rather than using implicit devres).

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 80c5bd0dca1cc5526ae0f4b273ccd163ed4caa4e git Not specified
CNA Linux Linux affected 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 f13100b1f5f111989f0750540a795fdef47492af git Not specified
CNA Linux Linux affected 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 df30056c78e8bead02d4be020199cabdbec0fef1 git Not specified
CNA Linux Linux affected 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 378b295f67102eef78cf2c28105f60ae1dab5cc1 git Not specified
CNA Linux Linux affected 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 118ce777d39f03cac99231196f820e4f998613a8 git Not specified
CNA Linux Linux affected 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 dee0774bbb2abb172e9069ce5ffef579b12b3ae9 git Not specified
CNA Linux Linux affected 6.0 Not specified
CNA Linux Linux unaffected 6.0 semver Not specified
CNA Linux Linux unaffected 6.1.167 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.130 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.78 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.20 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.10 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0-rc5 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/dee0774bbb2abb172e9069ce5ffef579b12b3ae9 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/118ce777d39f03cac99231196f820e4f998613a8 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/f13100b1f5f111989f0750540a795fdef47492af 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/80c5bd0dca1cc5526ae0f4b273ccd163ed4caa4e 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/df30056c78e8bead02d4be020199cabdbec0fef1 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/378b295f67102eef78cf2c28105f60ae1dab5cc1 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report