CVE-2026-23475 in Kernel
Résumé (Anglaise)
In the Linux kernel, the following vulnerability has been resolved:
spi: fix statistics allocation
The controller per-cpu statistics is not allocated until after the
controller has been registered with driver core, which leaves a window
where accessing the sysfs attributes can trigger a NULL-pointer
dereference.
Fix this by moving the statistics allocation to controller allocation
while tying its lifetime to that of the controller (rather than using
implicit devres).
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Responsable
Linux
Réserver
13/01/2026
Divulgation
03/04/2026
Statut
Confirmé
Entrées
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnérabilité | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 355165 | Linux Kernel spi déni de service | 476 | Non défini | Correctif officiel | CVE-2026-23475 |