Skip to main content

Linux Kernel EUVDEUVD-2026-32759

| CVE-2026-46241 HIGH
Use After Free (CWE-416)
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-529r-6cww-q8vr
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
6.5 MEDIUM

Local low-priv access, AC:H because the attacker must race a probe-failure path; integrity/availability high via UAF, confidentiality only low as leaks are incidental.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 10, 2026 - 23:20 vuln.today
CVSS changed
Jun 10, 2026 - 21:07 NVD
7.8 (HIGH)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
HIGH 7.8
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

spi: mpc52xx: fix use-after-free on registration failure

Make sure to disable and free the interrupts in case controller registration fails to avoid a potential use-after-free and resource leak.

This issue was flagged by Sashiko when reviewing a controller deregistration fix.

AnalysisAI

Use-after-free in the Linux kernel SPI controller driver for Freescale MPC52xx (spi-mpc52xx) occurs when controller registration fails and the previously requested interrupts are not properly disabled or released, leaving dangling interrupt handlers tied to freed memory. Local users with the ability to load or interact with this SPI driver on affected systems could potentially trigger memory corruption or information disclosure. EPSS is 0.02% and there is no public exploit identified at time of analysis, but the issue is rated CVSS 7.8 due to high impact on confidentiality, integrity, and availability.

Technical ContextAI

The flaw lies in drivers/spi/spi-mpc52xx.c, the Linux SPI master controller driver for the Freescale MPC5200 PowerPC SoC family. On the error path after a failed call to spi_register_controller(), the driver previously did not call free_irq()/disable IRQ for interrupts it had already registered, so the kernel could later invoke the registered ISR against memory belonging to the freed controller structure - a textbook CWE-416 Use-After-Free. This pattern was spotted while reviewing a related controller deregistration fix and is being corrected by reordering the error path to tear down interrupts before freeing the controller.

RemediationAI

Vendor-released patch: upgrade to Linux kernel 6.12.90, 6.18.32, 7.0.9, or 7.1-rc1 (or later) from the stable trees, or apply the upstream commits 336d9ad7560b, 5c77f11b9b5f, 8b49b6aadd0c, and f62c060272b9 referenced at https://git.kernel.org/stable/c/336d9ad7560b3baba17af06727a888040ee93390 and the sibling git.kernel.org URLs in the NVD advisory (https://nvd.nist.gov/vuln/detail/CVE-2026-46241). For systems that cannot patch immediately, a workable compensating control is to avoid loading the spi-mpc52xx module on systems that do not require it (blacklist it in /etc/modprobe.d/) - the trade-off is loss of SPI bus access on Freescale MPC5200-based hardware that actually depends on the driver. Restricting which local users can load kernel modules (CAP_SYS_MODULE) and tightening physical and console access also reduce the already small attack surface, with no functional side effects for typical deployments.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

EUVD-2026-32759 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy