VDB
DEBIAN-CVE-2026-23475
DEBIAN-CVE-2026-23475
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a NULL-pointer dereference. Fix this by moving the statistics allocation to controller allocation while tying its lifetime to that of the controller (rather than using implicit devres).
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 0, *, 6.12.85-1 |
| Debian:12 | linux | *, 6.12.63-1~bpo12+1, 6.12.69-1 |
| Debian:11 | linux-6.1 | 6.1.148-1, 6.1.153-1, 6.1.158-1 |
| Debian:14 | linux | *, *, 6.12.74-2 |
Exploit Intelligence
- 4593.2.0.yml (github-poc)
- 4628.1.0.yml (github-poc)
Timeline
- Apr 3, 2026 CVE Published
- May 2, 2026 CVE Updated