CVE-2026-23475
Description
In the Linux kernel, the following vulnerability has been resolved:
spi: fix statistics allocation
The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a NULL-pointer dereference.
Fix this by moving the statistics allocation to controller allocation while tying its lifetime to that of the controller (rather than using implicit devres).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A NULL-pointer dereference in Linux kernel SPI statistics allocation occurs when sysfs attributes are accessed before per-CPU stats are initialized.
Root
Cause
In the Linux kernel's SPI subsystem, per-CPU statistics for a controller are not allocated until after the controller is registered with the driver core. This leaves a window where accessing sysfs attributes related to those statistics can trigger a NULL-pointer dereference, as the memory for the statistics has not yet been allocated [1][2].
Exploitation
An attacker with local access to the system can trigger this vulnerability by reading SPI controller statistics from sysfs during the race window between controller registration and statistics allocation. No special privileges beyond local access are required, though the attacker must be able to interact with sysfs files for the affected device [3][4].
Impact
Successful exploitation results in a denial of service due to a kernel NULL-pointer dereference, causing a system crash or hang. The vulnerability does not allow privilege escalation or code execution, as it is a memory access bug rather than a memory corruption issue [1][4].
Mitigation
The fix moves the statistics allocation to controller allocation time and ties its lifetime to that of the controller using proper memory management, rather than implicit devres. Patches have been applied to the Linux kernel stable branches and are available in the referenced commits [1][2][3][4].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- git.kernel.org/stable/c/118ce777d39f03cac99231196f820e4f998613a8nvdPatch
- git.kernel.org/stable/c/378b295f67102eef78cf2c28105f60ae1dab5cc1nvdPatch
- git.kernel.org/stable/c/80c5bd0dca1cc5526ae0f4b273ccd163ed4caa4envdPatch
- git.kernel.org/stable/c/dee0774bbb2abb172e9069ce5ffef579b12b3ae9nvdPatch
- git.kernel.org/stable/c/df30056c78e8bead02d4be020199cabdbec0fef1nvdPatch
- git.kernel.org/stable/c/f13100b1f5f111989f0750540a795fdef47492afnvdPatch
News mentions
0No linked articles in our index yet.