CVE-2026-46282
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
In the Linux kernel, the admv1013 frequency driver has a NULL pointer dereference vulnerability. When device_property_read_string() fails, the str variable remains uninitialized, and the code proceeds to strcmp(str, ...), dereferencing garbage memory.
Risk Assessment
An attacker could trigger a kernel panic or potentially escalate privileges by controlling the uninitialized memory, leading to system instability or compromise.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit resolving the issue). For embedded systems using the admv1013 driver, manual backport of the patch is recommended.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When device_property_read_string() fails, str is left uninitialized but the code falls through to strcmp(str, ...), dereferencing a garbage pointer. Replace manual read/strcmp with device_property_match_property_string() and consolidate the SE mode enums into a single sequential enum, mapping to hardware register values via a switch consistent with other bitfields in the driver. Several cleanup patches have been applied to this driver recently so this will need a manual backport.

