VDB

CVE-2026-23475

CVE-2026-23475 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a NULL-pointer dereference. Fix this by moving the statistics allocation to controller allocation while tying its lifetime to that of the controller (rather than using implicit devres).

EPSS 0.02% · 3.4th percentile

Risk Scores

EPSS Score
0.02%
3.4th percentile

Affected Products

VendorProductVersions
linuxlinux_kernel6.0, 6.0, 6.0
LinuxLinux6598b91b5ac32bc756d7c3000a31f775d4ead1c4, 6598b91b5ac32bc756d7c3000a31f775d4ead1c4, 6598b91b5ac32bc756d7c3000a31f775d4ead1c4

Timeline

  • Apr 3, 2026 CVE Published
  • Apr 7, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
  • May 27, 2026 EPSS Score

References

…and 53 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›