CVE-2026-46200
SPI Controller Deregistration Flaw in Linux Kernel
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability relates to the Linux kernel's spi: mpc52xx driver. The issue was that the controller was not properly deregistered before disabling and releasing underlying resources such as interrupts and GPIOs during the driver unbind process. The fix ensures that the controller is deregistered first to prevent potential issues.
How can this vulnerability impact me? :
Improper deregistration of the controller before releasing resources could lead to system instability or unexpected behavior in the SPI driver, potentially causing hardware communication problems or crashes during driver unbind.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by ensuring that the SPI controller on mpc52xx is deregistered before disabling and releasing underlying resources such as interrupts and GPIOs during driver unbind.
To mitigate this vulnerability, update your Linux kernel to a version that includes this fix.