Skip to main content

Linux EUVDEUVD-2026-18750

| CVE-2026-23475 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-04-03 Linux GHSA-p23v-v2wc-73m3
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 20, 2026 - 15:22 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
378b295f67102eef78cf2c28105f60ae1dab5cc1,80c5bd0dca1cc5526ae0f4b273ccd163ed4caa4e,118ce777d39f03cac99231196f820e4f998613a8
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18750
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

spi: fix statistics allocation

The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a NULL-pointer dereference.

Fix this by moving the statistics allocation to controller allocation while tying its lifetime to that of the controller (rather than using implicit devres).

AnalysisAI

NULL-pointer dereference in Linux kernel SPI subsystem allows local denial of service via sysfs attribute access. The SPI controller's per-CPU statistics structure is not allocated until after the controller registers with the driver core, creating a race window where sysfs attribute reads can trigger a kernel panic. This affects all Linux kernel versions with the vulnerable SPI statistics implementation; exploitation requires local system access to read sysfs files.

Technical ContextAI

The vulnerability exists in the Linux kernel's SPI (Serial Peripheral Interface) controller subsystem. The issue involves improper lifetime management of per-CPU statistics data structures used for performance monitoring. The SPI controller framework allocates statistics using devres (device resource management) but performs this allocation after the controller is registered with the Linux driver core. During the registration window, kernel code permits sysfs attribute access before the statistics buffer is initialized, resulting in dereferencing a NULL pointer when userspace reads performance counters from /sys/devices/platform/spi_*/statistics/. The fix relocates statistics allocation to occur during controller allocation rather than relying on implicit devres cleanup, ensuring the data structure is available before any sysfs interface becomes accessible. This is a resource lifecycle and state management issue within the kernel's bus abstraction layer.

RemediationAI

Update the Linux kernel to a patched version containing one of the upstream fixes referenced in the stable kernel repository. The primary mitigation is kernel upgrade; distributions including Debian, Ubuntu, Fedora, and RHEL have backported these fixes into their respective stable and LTS kernel versions. Systems administrators should check their Linux vendor's security advisories for the specific patched kernel version available for their distribution. As an interim workaround on systems where immediate kernel updates are not feasible, restrict access to /sys/devices/platform/*/statistics/ sysfs attributes via filesystem permissions or AppArmor/SELinux policies to prevent unprivileged users from triggering the NULL-pointer dereference. Verify remediation by confirming kernel version and checking git.kernel.org for the specific commit sha matching your installed version.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-18750 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy