Skip to main content

Linux Kernel EUVDEUVD-2026-35427

| CVE-2026-46326 HIGH
2026-06-09 Linux GHSA-wc7q-fhj4-hpq4
8.4
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
3.6 LOW

Local attacker (AV:L) needs the specific MPRLS0025PA SPI sensor and driver loaded (AC:H) plus IIO device access typically requiring privileges (PR:L); impact is limited kernel-stack leak and unreliable SPI transfers, no integrity loss.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
SUSE
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 14, 2026 - 06:36 vuln.today
CVSS changed
Jun 14, 2026 - 06:22 NVD
8.4 (HIGH)
Patch available
Jun 09, 2026 - 15:01 EUVD
CVE Published
Jun 09, 2026 - 12:25 cve.org
HIGH 8.4
CVE Published
Jun 09, 2026 - 12:25 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

iio: pressure: mprls0025pa: fix spi_transfer struct initialisation

Make sure that the spi_transfer struct is zeroed out before use.

AnalysisAI

Uninitialized stack memory disclosure in the Linux kernel's iio pressure sensor driver (mprls0025pa) for the Honeywell MPRLS0025PA SPI pressure sensor stems from a spi_transfer struct that was not zeroed before use. Local users on systems with the vulnerable driver loaded may trigger undefined SPI transfer behavior and potentially leak kernel stack contents. There is no public exploit identified at time of analysis, and EPSS rates exploitation likelihood at 0.02% (5th percentile).

Technical ContextAI

The bug lives in drivers/iio/pressure/mprls0025pa-spi.c, the Industrial I/O (IIO) subsystem driver for Honeywell's MPRLS0025PA absolute pressure sensor reached over SPI. The driver declared a struct spi_transfer on the stack and populated only some of its fields before passing it to spi_sync()/spi_message, leaving members such as delay, cs_change, bits_per_word, speed_hz, and tx_nbits holding arbitrary stack garbage. While the input tag labels this 'Information Disclosure', the underlying defect is classic CWE-457 (Use of Uninitialized Variable) / CWE-908 (Use of Uninitialized Resource), which in a SPI controller path can cause both unpredictable bus behavior and potential exposure of adjacent kernel stack data via the populated transfer descriptor.

RemediationAI

Apply the Linux kernel upgrade containing the fix: vendor-released patch confirmed at mainline 7.0 and stable series 6.12.75, 6.18.14, and 6.19.4 (commits 72158f9ae29a, 664ffdf34c01, 9080c7ac30f5, 1e0ac56c92e2 on git.kernel.org/stable). Distribution users should pull the corresponding vendor kernel update (Debian/Ubuntu/RHEL/SUSE/Oracle) as it rolls into their stable trees. As a compensating control on systems that do not need this sensor, blacklist or unload the module (echo 'blacklist mprls0025pa_spi' > /etc/modprobe.d/mprls.conf, then rmmod), which fully removes exposure but disables any legitimate use of an attached MPRLS0025PA pressure sensor; alternatively, restrict access to the device's /sys/bus/iio/devices/iioX/ and /dev/iio:deviceX nodes via udev rules so only trusted users/services can interact with the driver, accepting that monitoring agents using that sensor will need matching group membership.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

EUVD-2026-35427 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy