CVE-2026-46261
NULL Pointer Dereference in Linux Kernel SPI FIU Driver
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's spi: wpcm-fiu driver, specifically in the wpcm_fiu_probe() function.
The issue arises because the function platform_get_resource_byname() can return NULL, and if this NULL pointer is passed to resource_size(), it causes a crash.
The fix involves moving the assignment of fiu->memory_size to occur only after checking for errors from devm_ioremap_resource(), thereby preventing a potential NULL pointer dereference.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference in the spi: wpcm-fiu driver.
A kernel crash can lead to system instability, unexpected reboots, or denial of service conditions on affected systems.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the issue in the wpcm-fiu driver has been fixed. This fix involves proper error checking to prevent a NULL pointer dereference in the wpcm_fiu_probe() function.