spi: cadence-quadspi: fix unclocked access on unbind
Summary
| CVE | CVE-2026-46203 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-28 10:16:35 UTC |
| Updated | 2026-06-19 13:16:35 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: fix unclocked access on unbind Make sure that the controller is runtime resumed before disabling it during driver unbind to avoid an unclocked register access. This issue was flagged by Sashiko when reviewing a controller deregistration fix. |
Risk And Classification
Primary CVSS: v3.1 7.1 HIGH from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.001310000 probability, percentile 0.029920000 (date 2026-06-24)
Problem Types: CWE-125
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | 7.1 | rc1 | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 0578a6dbfe7514db7134501cf93acc21cf13e479 2e7cd62c37f51823c2bb79de1d4d76d0c1678c7e git | Not specified |
| CNA | Linux | Linux | affected 0578a6dbfe7514db7134501cf93acc21cf13e479 63a9f6012f453578898c9fcc13c8452a8651104e git | Not specified |
| CNA | Linux | Linux | affected 0578a6dbfe7514db7134501cf93acc21cf13e479 d67a5311818b3e6481a1e4293c9337ebfee73111 git | Not specified |
| CNA | Linux | Linux | affected 0578a6dbfe7514db7134501cf93acc21cf13e479 233db2cb14db8b1935dda52a6affd97276462b82 git | Not specified |
| CNA | Linux | Linux | affected 6.7 | Not specified |
| CNA | Linux | Linux | unaffected 6.7 semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.94 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.36 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0.9 7.0.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.1 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/2e7cd62c37f51823c2bb79de1d4d76d0c1678c7e | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/233db2cb14db8b1935dda52a6affd97276462b82 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/63a9f6012f453578898c9fcc13c8452a8651104e | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/d67a5311818b3e6481a1e4293c9337ebfee73111 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.