CVE Catalog

CVE-2026-45996

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

A vulnerability related to use-after-free in the SPI subsystem has been fixed in the Linux kernel. The issue occurred during the deregistration of the controller, which could lead to improper freeing of driver data.

Risk Assessment

Organizations may be exposed to system crashes or unexpected application behavior if the SPI controller is improperly registered or removed.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure system stability.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration (unless the allocation is device managed). Take another reference before deregistering the controller so that the driver data is not freed until the driver is done with it.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS