CVE-2026-43356
NULL Pointer Dereference in Linux Kernel IIO IMU ADIS Driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's iio: imu: adis driver, specifically in the adis_init() function. The function attempts to dereference a pointer called adis->ops to check if certain function pointers (write, read, reset) are NULL. However, it does not first verify whether adis->ops itself is NULL.
Because the struct adis is zero-initialized, adis->ops can be NULL when adis_init() is called, leading to a NULL pointer dereference and a kernel crash.
The issue affects drivers like adis16480, adis16490, adis16545, and others that do not set custom ops and rely on adis_init() to assign default operations.
The fix involves checking if adis->ops is NULL before dereferencing it, and if it is NULL, assigning the default operations.
How can this vulnerability impact me? :
This vulnerability can cause a NULL pointer dereference in the Linux kernel, leading to a kernel crash or system instability when affected drivers are initialized.
Such crashes can result in denial of service, potentially disrupting normal operation of systems using the affected drivers.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is caused by a NULL pointer dereference in the adis_init() function of the Linux kernel's iio imu adis driver. The fix involves checking if adis->ops is NULL before dereferencing it and assigning default operations if it is NULL.
To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.