CVE-2026-46148
Gravedad CVSS v3.1:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
28/05/2026
Última modificación:
10/06/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
spi: microchip-core-qspi: control built-in cs manually<br />
<br />
The coreQSPI IP supports only a single chip select, which is<br />
automagically operated by the hardware - set low when the transmit<br />
buffer first gets written to and set high when the number of bytes<br />
written to the TOTALBYTES field of the FRAMES register have been sent on<br />
the bus. Additional devices must use GPIOs for their chip selects.<br />
It was reported to me that if there are two devices attached to this<br />
QSPI controller that the in-built chip select is set low while linux<br />
tries to access the device attached to the GPIO.<br />
<br />
This went undetected as the boards that connected multiple devices to<br />
the SPI controller all exclusively used GPIOs for chip selects, not<br />
relying on the built-in chip select at all. It turns out that this was<br />
because the built-in chip select, when controlled automagically, is set<br />
low when active and high when inactive, thereby ruling out its use for<br />
active-high devices or devices that need to transmit with the chip<br />
select disabled.<br />
<br />
Modify the driver so that it controls chip select directly, retaining<br />
the behaviour for mem_ops of setting the chip select active for the<br />
entire duration of the transfer in the exec_op callback. For regular<br />
transfers, implement the set_cs callback for the core to use.<br />
<br />
As part of this, the existing setup callback, mchp_coreqspi_setup_op(),<br />
is removed. Modifying the CLKIDLE field is not safe to do during<br />
operation when there are multiple devices, so this code is removed<br />
entirely. Setting the MASTER and ENABLE fields is something that can be<br />
done once at probe, it doesn&#39;t need to be re-run for each device.<br />
Instead the new setup callback sets the built-in chip select to its<br />
inactive state for active-low devices, as the reset value of the chip<br />
select in software controlled mode is low.
Impacto
Puntuación base 3.x
5.50
Gravedad 3.x
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1 (incluyendo) | 6.18.30 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (incluyendo) | 7.0.7 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página



