CVE Catalog

CVE-2026-46301

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

A use-after-free vulnerability was found in the Linux kernel's SPI topcliff-pch driver. The issue occurs on driver unbind when the SPI queue is not flushed before releasing DMA buffers.

Risk Assessment

An attacker could exploit this vulnerability to access already freed memory, potentially causing system crashes or privilege escalation.

Recommendation

Update the Linux kernel to a version containing the fix that ensures the SPI queue is flushed before releasing DMA buffers on driver unbind.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on unbind Give the driver a chance to flush its queue before releasing the DMA buffers on driver unbind

Vulnerability data from NVD (NIST) · CISA KEV · EPSS