VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Apr 24, 2026· Updated Apr 27, 2026

CVE-2026-31560

CVE-2026-31560

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: spi-dw-dma: fix print error log when wait finish transaction

If an error occurs, the device may not have a current message. In this case, the system will crash.

In this case, it's better to use dev from the struct ctlr (struct spi_controller*).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Fix for a kernel crash in the SPI DW DMA driver when an error occurs with no current message, leading to a NULL pointer dereference.

Vulnerability

In the Linux kernel's spi-dw-dma driver, an error condition during a transaction could cause a NULL pointer dereference. When an error occurs, the device may not have a current message, and the code attempted to access it, leading to a system crash.

Exploitation

An attacker who can trigger an error during an SPI transaction could exploit this vulnerability. No special privileges are required beyond the ability to interact with the SPI subsystem, but the attacker must be able to cause the device to be in an error state without a current message.

Impact

Successful exploitation results in a kernel panic, causing a denial of service (system crash).

Mitigation

The fix is included in stable kernel updates [1] and [2]. Users should apply the latest patches from their distribution or the mainline kernel.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • Linux/Kernel9 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.8.1,<6.19.11
    • cpe:2.3:o:linux:linux_kernel:5.8:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.