CVE-2026-45996

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
27/05/2026
Last modified:
19/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: imx: fix use-after-free on unbind<br /> <br /> The SPI subsystem frees the controller and any subsystem allocated<br /> driver data as part of deregistration (unless the allocation is device<br /> managed).<br /> <br /> Take another reference before deregistering the controller so that the<br /> driver data is not freed until the driver is done with it.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.19 (including) 6.6.140 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.86 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.27 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.4 (excluding)