Skip to main content

Linux Kernel CVE-2026-46200

| EUVDEUVD-2026-32827 MEDIUM
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-pxf3-q4jm-4wrr
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 10, 2026 - 19:31 vuln.today
CVSS changed
Jun 10, 2026 - 17:22 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

spi: mpc52xx: fix controller deregistration

Make sure to deregister the controller before disabling and releasing underlying resources like interrupts and gpios during driver unbind.

AnalysisAI

Denial-of-service via improper resource teardown ordering in the Linux kernel's MPC52xx SPI controller driver (spi/mpc52xx) affects systems running PowerPC-based embedded hardware. During driver unbind, the SPI controller was deregistered after - rather than before - disabling underlying resources such as interrupts and GPIOs, creating a window where the kernel could access freed or disabled resources and trigger a system crash. No public exploit has been identified at time of analysis, and with an EPSS of 0.02% (5th percentile), real-world exploitation is assessed as very low probability.

Technical ContextAI

The MPC52xx SPI controller driver (drivers/spi/spi-mpc52xx.c) targets Freescale/NXP MPC52xx PowerPC system-on-chip hardware. The defect is a driver lifecycle ordering error: on module unbind or device removal, the kernel must deregister the SPI controller before tearing down hardware resources (IRQs, GPIOs). The original code reversed this order, meaning in-flight SPI bus activity or callbacks could reference already-disabled interrupt lines or released GPIO descriptors, resulting in a null/dangling pointer dereference and kernel panic. While CWE is not formally assigned, the root cause aligns with CWE-416 (Use After Free) or CWE-362 (Race Condition) class defects triggered during hardware abstraction layer teardown. Affected CPEs are cpe:2.3:o:linux:linux_kernel across multiple stable branches from 2.6.33 onward through the patched commits.

RemediationAI

Upgrade to a patched Linux kernel version: 6.12.90 or later for the 6.12.x stable series, 7.0.9 or later for the 7.0.x series, 6.18.32 or later for the 6.18.x series, or 7.1-rc1 or later for mainline. The upstream fix commits are available at https://git.kernel.org/stable/c/0f997fdae819a8c2cc83bd4ff7d935ad76c727c9, https://git.kernel.org/stable/c/28f28a0f4e327f792c230493a0ea00389ff68ff5, https://git.kernel.org/stable/c/7fea80d93bfd34051b2ac1cec07766c87d8d28be, and https://git.kernel.org/stable/c/a3669f678d0ee8b686d3eea4c0ed9817c9374945. As a compensating control on systems that cannot be patched immediately, preventing unprivileged users from triggering device removal or module unloading (e.g., restricting udev rules and module management to root only) reduces exploitation surface. Note this control does not eliminate risk from automated hotplug events or physical device removal.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

CVE-2026-46200 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy