Skip to main content

Linux Kernel EUVDEUVD-2026-26581

| CVE-2026-31768 HIGH
2026-05-01 Linux
7.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 03, 2026 - 07:30 vuln.today
CVSS changed
May 03, 2026 - 07:22 NVD
7.8 (HIGH)
Patch released
May 03, 2026 - 07:16 nvd
Patch available
Patch available
May 01, 2026 - 16:33 EUVD
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26581
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 14:14 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ti-adc161s626: use DMA-safe memory for spi_read()

Add a DMA-safe buffer and use it for spi_read() instead of a stack memory. All SPI buffers must be DMA-safe.

Since we only need up to 3 bytes, we just use a u8[] instead of __be16 and __be32 and change the conversion functions appropriately.

AnalysisAI

Improper Direct Memory Access (DMA) handling in the Linux kernel's ti-adc161s626 Industrial I/O (IIO) analog-to-digital converter driver allows local attackers with low privileges to trigger memory corruption or information disclosure. The vulnerability stems from using stack-allocated memory for SPI read operations instead of DMA-safe buffers, violating SPI subsystem requirements. Patches are available across multiple stable kernel versions (6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0). EPSS score of 0.02% indicates very low exploitation probability, and no public exploits or active exploitation (not in CISA KEV) have been identified.

Technical ContextAI

The vulnerability exists in the Industrial I/O (IIO) subsystem's Texas Instruments ADC161S626 analog-to-digital converter driver. SPI (Serial Peripheral Interface) operations require DMA-safe memory buffers because modern SPI controllers use Direct Memory Access for data transfers. When stack memory is passed to spi_read(), the SPI controller may attempt DMA operations on virtual addresses that aren't guaranteed to be physically contiguous or DMA-accessible, potentially causing memory corruption, data leaks from arbitrary kernel memory, or system instability. The fix allocates a proper DMA-safe buffer (u8 array) and adjusts byte-order conversion functions to work with the new buffer structure instead of stack-based __be16 and __be32 types. This affects systems using the ti-adc161s626 driver, typically embedded Linux systems with this specific ADC hardware.

RemediationAI

Upgrade to patched Linux kernel versions: 6.1.168 or later for the 6.1.x series, 6.6.134 or later for 6.6.x, 6.12.81 or later for 6.12.x, 6.18.22 or later for 6.18.x, 6.19.12 or later for 6.19.x, or upgrade to mainline kernel 7.0 or later. Patches are available from the Linux kernel stable repository at https://git.kernel.org/stable. If immediate patching is not feasible and the ti-adc161s626 driver is loaded as a module, disabling or blacklisting the module (add 'blacklist ti_adc161s626' to /etc/modprobe.d/blacklist.conf) will prevent exploitation but will disable ADC functionality for systems requiring this hardware - only viable if the ADC is not operationally necessary. For systems where the driver is compiled into the kernel and the ADC hardware is not used, removing or disconnecting the physical ADC device eliminates the attack surface but may require hardware modifications. No effective runtime workaround exists for systems actively using this ADC hardware without patching. Review systems inventory to identify which hosts use TI ADC161S626 hardware and prioritize patching those systems.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-26581 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy