CVE-2026-46261 in Linux

Summary

by MITRE • 06/03/2026

In the Linux kernel, the following vulnerability has been resolved:

spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe()

platform_get_resource_byname() can return NULL, which would cause a crash when passed the pointer to resource_size().

Move the fiu->memory_size assignment after the error check for devm_ioremap_resource() to prevent the potential NULL pointer dereference.


Analysis

by VulDB Data Team • 06/03/2026

This vulnerability exists within the Linux kernel's SPI wpcm-fiu driver, where a potential NULL pointer dereference can occur during device probe operations. The flaw manifests when platform_get_resource_byname() returns NULL, which happens when the specified resource cannot be found in the device tree or platform configuration. When this NULL pointer is subsequently passed to resource_size(), it triggers a kernel crash due to an attempt to dereference a NULL memory address. The vulnerability represents a classic NULL pointer dereference issue that can lead to system instability and potential denial of service conditions. This type of vulnerability falls under CWE-476, which specifically addresses NULL pointer dereference conditions in software implementations.

The technical implementation flaw occurs in the device probe function wpcm_fiu_probe() where the driver performs resource allocation and initialization without proper null checking of intermediate results. The problematic sequence involves calling platform_get_resource_byname() to retrieve a memory resource, followed by using that resource pointer with resource_size() without verifying whether the resource pointer is valid. The memory mapping operation devm_ioremap_resource() is performed later in the code path, but the assignment of fiu->memory_size occurs before the error checking for this critical mapping function. This ordering issue creates a window where a null resource pointer can propagate through the code path and cause the subsequent dereference.

The operational impact of this vulnerability is significant, as it can cause kernel crashes during system boot or device initialization phases when the wpcm-fiu SPI controller driver is loaded. System administrators and embedded device manufacturers using platforms with this driver are at risk of experiencing unexpected system reboots or complete system hangs. The vulnerability affects any Linux kernel version that includes the wpcm-fiu driver implementation and impacts devices that utilize the wpcm-fiu SPI controller for memory-mapped operations. Attackers could potentially exploit this to cause denial of service conditions, particularly in embedded systems where system stability is critical. The vulnerability aligns with ATT&CK technique T1499.004 which covers network denial of service attacks through kernel exploitation.

The recommended mitigation involves reordering the code logic to ensure proper error checking before attempting to use potentially NULL resource pointers. The fix requires moving the fiu->memory_size assignment so that it occurs after the error check for devm_ioremap_resource(), ensuring that memory allocation errors are properly handled before proceeding with resource size calculations. This approach follows secure coding practices by implementing proper NULL pointer validation and error handling before dereferencing pointers. Additionally, kernel maintainers should consider implementing comprehensive resource validation checks throughout the driver initialization sequence to prevent similar issues from occurring in other parts of the code. The fix aligns with best practices for kernel module development and follows the principle of defensive programming to prevent NULL pointer dereference conditions in kernel space operations.
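
The ordering problem and its fix, as an added example that is not the driver's source or part of the original advisory: a userspace C model in which ioremap_model() stands in for devm_ioremap_resource(), and the struct layouts, helper bodies and sample address range are assumptions. It relies on devm_ioremap_resource() returning an error pointer for a NULL resource, which is why moving the size read behind the error check is sufficient.

```c
/* Userspace model of the probe ordering; not the wpcm-fiu driver source. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

struct resource { uint64_t start, end; };
struct fiu { void *memory; size_t memory_size; };   /* simplified stand-in */
/* Stand-ins for the kernel's error-pointer helpers. */
static void *ERR_PTR(long err) { return (void *)err; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-4095; }
static long PTR_ERR(const void *p) { return (long)p; }

/* Reads res->start and res->end, so a NULL res faults here. */
static size_t resource_size(const struct resource *res) { return (size_t)(res->end - res->start + 1); }

/* Models devm_ioremap_resource(): a NULL resource yields an error pointer. */
static void *ioremap_model(const struct resource *res)
{
    static char window[16];   /* constructed stand-in for the mapped region */
    return res ? (void *)window : ERR_PTR(-EINVAL);
}

/* Before: size is read ahead of the error check (exact statement order assumed). */
int probe_before(struct fiu *fiu, const struct resource *res)
{
    fiu->memory = ioremap_model(res);
    fiu->memory_size = resource_size(res);   /* a NULL res is dereferenced here */
    return IS_ERR(fiu->memory) ? (int)PTR_ERR(fiu->memory) : 0;
}

/* After: the error check runs first, so a NULL res never reaches resource_size(). */
int probe_after(struct fiu *fiu, const struct resource *res)
{
    fiu->memory = ioremap_model(res);
    if (IS_ERR(fiu->memory))
        return (int)PTR_ERR(fiu->memory);
    fiu->memory_size = resource_size(res);
    return 0;
}

int main(void)
{
    struct fiu fiu = {0};
    struct resource mem = {0x1000, 0x1fff};   /* constructed sample range */
    printf("missing resource: rc=%d\n", probe_after(&fiu, NULL));
    int rc = probe_after(&fiu, &mem);
    printf("valid resource: rc=%d size=%zu\n", rc, fiu.memory_size);
    return 0;
}
```
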

Responsible: Linux

Reservation: 05/13/2026

Disclosure: 06/03/2026

Moderation: accepted

CPE: ready

EPSS: 0.00000

KEV: no

Activities: very low
