Skip to main content

Linux Kernel CVE-2026-46261

| EUVDEUVD-2026-34123 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-03 Linux GHSA-86fj-8698-3qp6
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 09, 2026 - 20:21 vuln.today
CVSS changed
Jun 09, 2026 - 20:07 NVD
5.5 (MEDIUM)
Patch available
Jun 03, 2026 - 19:01 EUVD
CVE Published
Jun 03, 2026 - 15:49 nvd
MEDIUM 5.5
CVE Published
Jun 03, 2026 - 15:49 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe()

platform_get_resource_byname() can return NULL, which would cause a crash when passed the pointer to resource_size().

Move the fiu->memory_size assignment after the error check for devm_ioremap_resource() to prevent the potential NULL pointer dereference.

AnalysisAI

NULL pointer dereference in the Linux kernel's SPI WPCM FIU driver allows a local low-privileged attacker to crash the kernel via a denial-of-service condition. The wpcm_fiu_probe() function passes the return value of platform_get_resource_byname() directly to resource_size() without validating against NULL, meaning if the named resource is absent the kernel dereferences a NULL pointer and panics. No public exploit exists and no active exploitation is confirmed; EPSS of 0.02% (5th percentile) reflects the narrow, hardware-specific attack surface.

Technical ContextAI

The vulnerability resides in drivers/spi/spi-wpcm-fiu.c within the Linux kernel, affecting the Nuvoton WPCM FIU (Flash Interface Unit) SPI controller driver. The root cause is CWE-476 (NULL Pointer Dereference): platform_get_resource_byname() is a kernel API that returns NULL when the requested named I/O memory resource is not found in the platform device's resource table. The driver assigned fiu->memory_size = resource_size(res) before confirming that devm_ioremap_resource() succeeded and that res was non-NULL, meaning a malformed or absent ACPI/DT resource description causes resource_size() to operate on a NULL pointer, triggering a kernel oops. The fix relocates the fiu->memory_size assignment to after the NULL/error check. CPE data identifies the affected component as cpe:2.3:a:linux:linux. The vulnerability was introduced at commit 9838c182471ee5532824bae7f2669d3539719f78.

RemediationAI

The primary fix is to upgrade to patched Linux kernel stable releases: 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0. Upstream fix commits are available at https://git.kernel.org/stable/c/9e5cb7e67fbdb8320d68d87db882a92b36f6a1d9 (and sibling commits 2c538a0b, 0f93a80e, cb9b2dc3, 888a0a80) for cherry-picking into custom kernel builds. If a kernel upgrade is not immediately feasible, a targeted workaround is to blacklist or prevent loading of the spi-wpcm-fiu kernel module on systems that do not use Nuvoton WPCM FIU hardware ('echo blacklist spi-wpcm-fiu >> /etc/modprobe.d/blacklist.conf'), which prevents the vulnerable probe path from executing entirely with no functional side effects on non-WPCM platforms. On systems that do require the driver, restrict physical and local user access to the affected hardware nodes as a partial compensating control.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-46261 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy