Skip to main content

Linux Kernel EUVDEUVD-2026-32852

| CVE-2026-46225 MEDIUM
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-fqv4-j66g-hgpv
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 10, 2026 - 19:08 vuln.today
CVSS changed
Jun 10, 2026 - 19:07 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

spi: rspi: fix controller deregistration

Make sure to deregister the controller before releasing underlying resources like DMA during driver unbind.

AnalysisAI

Improper resource deregistration ordering in the Linux kernel's spi/rspi (Renesas SPI controller) driver causes a local denial-of-service condition during driver unbind. The rspi driver releases DMA resources before deregistering the SPI controller, creating a window where in-flight controller operations can reference freed memory, resulting in a kernel crash or panic. With CVSS availability impact rated High and EPSS at 0.02% (5th percentile), this is a low-probability but locally exploitable stability issue affecting systems with Renesas SPI hardware. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Technical ContextAI

The affected component is the spi/rspi driver in the Linux kernel, which manages Renesas Serial Peripheral Interface (SPI) controllers. During driver unbind (e.g., module removal or device hotplug events), the cleanup sequence must deregister the SPI controller first to drain pending transfers before releasing underlying DMA channel resources. The bug inverts this order, allowing the SPI subsystem to continue referencing DMA structures that have already been freed. CPE data confirms the affected product as cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*, with the vulnerability introduced at commit 9e03d05eee4ca45ed12749ef6c26bf616262cdd2 and present since at least Linux 3.14. Although no CWE is formally assigned, the root cause class most closely aligns with improper resource cleanup ordering, analogous to CWE-459 (Incomplete Cleanup) or CWE-416 (Use After Free), as freed DMA memory can be accessed by the still-registered controller. The 'Information Disclosure' tag in the source data conflicts with the CVSS confidentiality impact of C:N - this tag appears to be a mis-tagging and should not be treated as a confirmed confidentiality risk.

RemediationAI

Upstream-released patched kernel versions confirm the fix across all active stable branches: upgrade to Linux 6.12.90, 6.6.140, 6.18.32, 7.0.9, or 7.1-rc1 (or later). The specific fix commits are available at https://git.kernel.org/stable/c/c5090db1b31de3ef4db0cda7e822ab49cb572292, https://git.kernel.org/stable/c/77defd64b405b680db73d767313fce770d368368, https://git.kernel.org/stable/c/9944fa6726afb1e6eb7e2212764e7da0c97f2dcc, https://git.kernel.org/stable/c/aee76c1dd189562c6678313caec12761f78a9ef3, and https://git.kernel.org/stable/c/fee6abd9845c3edd217b0e429d09f764f9a5693e. For systems that cannot be patched immediately, a compensating control is to blacklist or prevent unloading of the rspi kernel module (e.g., via /etc/modprobe.d/blacklist-rspi.conf adding 'install rspi /bin/true'), which eliminates the driver unbind path; the trade-off is loss of SPI controller functionality. Systems without Renesas SPI hardware are not exposed and require no action.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

EUVD-2026-32852 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy