CVE-2026-46296

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
08/06/2026
Last modified:
08/07/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: s3c64xx: fix NULL-deref on driver unbind<br /> <br /> A change moving DMA channel allocation from probe() back to<br /> s3c64xx_spi_prepare_transfer() failed to remove the corresponding<br /> deallocation from remove().<br /> <br /> Drop the bogus DMA channel release from remove() to avoid triggering a<br /> NULL-pointer dereference on driver unbind.<br /> <br /> This issue was flagged by Sashiko when reviewing a controller<br /> deregistration fix.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.0 (including) 6.1.176 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.140 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.88 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.30 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.7 (excluding)