CVE Catalog

CVE-2026-46326

HighCVSS 8.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

In the Linux kernel, the IIO subsystem for the mprls0025pa pressure sensor fails to zero out the spi_transfer struct before use. This can lead to undefined behavior during SPI communication.

Risk Assessment

The risk involves potential malfunction of the pressure sensor, leading to incorrect readings or system failure in industrial and IoT environments.

Recommendation

It is recommended to update the Linux kernel to a version containing the fix that ensures the spi_transfer struct is zeroed before use.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation Make sure that the spi_transfer struct is zeroed out before use.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS