CVE-2026-31487

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: use generic driver_override infrastructure<br /> <br /> When a driver is probed through __driver_attach(), the bus&amp;#39; match()<br /> callback is called without the device lock held, thus accessing the<br /> driver_override field without a lock, which can cause a UAF.<br /> <br /> Fix this by using the driver-core driver_override infrastructure taking<br /> care of proper locking internally.<br /> <br /> Note that calling match() from __driver_attach() without the device lock<br /> held is intentional. [1]<br /> <br /> Also note that we do not enable the driver_override feature of struct<br /> bus_type, as SPI - in contrast to most other buses - passes "" to<br /> sysfs_emit() when the driver_override pointer is NULL. Thus, printing<br /> "\n" instead of "(null)\n".