High severity 7.8 · NVD Advisory · Published May 1, 2026 · Updated May 11, 2026

CVE-2026-31768

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ti-adc161s626: use DMA-safe memory for spi_read()

Add a DMA-safe buffer and use it for spi_read() instead of stack memory. All SPI buffers must be DMA-safe.

Since we only need up to 3 bytes, we just use a u8[] instead of __be16 and __be32 and change the conversion functions appropriately.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A DMA-unsafe stack buffer in the Linux kernel's ti-adc161s626 ADC driver can cause memory corruption during SPI reads, fixed by allocating a DMA-safe buffer.

Vulnerability

The vulnerability exists in the Linux kernel's Industrial I/O (IIO) subsystem, specifically in the TI ADC161S626 driver (ti-adc161s626.c). The driver calls spi_read() with a stack-allocated buffer to receive data from the SPI device. However, the SPI subsystem requires all transfer buffers to be DMA-safe, because the SPI controller may use DMA to move the data. Stack memory is not guaranteed to be DMA-safe, so the transfer can lead to memory corruption or undefined behavior [1][2][3][4].
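The buffer change in the description and the paragraph above, modelled in userspace C as an added example (it is not the kernel patch or the driver's own code). `struct adc_state`, `fake_spi_read()`, the 64-byte alignment and the sample bytes are assumptions for illustration; the point is a receive buffer that sits in its own cache line of the driver state, with the 2- or 3-byte big-endian sample decoded straight from a `u8` array.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed cache-line size; kernel IIO drivers use IIO_DMA_MINALIGN here. */
#define DMA_MINALIGN 64

/* Hypothetical driver state (heap-allocated in a real driver). The transfer
 * buffer is the last member and aligned, so no other field shares its
 * cache line and a DMA write cannot clobber neighbouring data. */
struct adc_state {
	unsigned int shift;
	uint8_t buf[3] __attribute__((aligned(DMA_MINALIGN)));
};

/* Stand-in for spi_read(): copies constructed sample bytes into buf. */
static int fake_spi_read(uint8_t *buf, const uint8_t *wire, size_t len)
{
	memcpy(buf, wire, len);
	return 0;
}

/* Big-endian decode from bytes, replacing __be16/__be32 typed buffers. */
static uint32_t be16_from_bytes(const uint8_t *b)
{
	return ((uint32_t)b[0] << 8) | b[1];
}

static uint32_t be24_from_bytes(const uint8_t *b)
{
	return ((uint32_t)b[0] << 16) | ((uint32_t)b[1] << 8) | b[2];
}

/* Sign-extend from bit `index`, same contract as the kernel's sign_extend32(). */
static int32_t sign_extend(uint32_t v, int index)
{
	int s = 31 - index;
	return (int32_t)(v << s) >> s;
}

/* Read `len` (2 or 3) bytes into the state buffer, return a signed sample. */
static int adc_read_sample(struct adc_state *st, const uint8_t *wire,
			   size_t len, int32_t *val)
{
	if (len != 2 && len != 3)
		return -1;
	if (fake_spi_read(st->buf, wire, len))
		return -1;
	uint32_t raw = len == 2 ? be16_from_bytes(st->buf)
				: be24_from_bytes(st->buf);
	*val = sign_extend(raw >> st->shift, 15);
	return 0;
}
```

Because the decode reads individual bytes, the result is the same on little- and big-endian hosts, and no read ever touches more than the bytes the transfer filled.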

Exploitation

The issue is triggered during normal ADC read operations when the driver communicates with the hardware over SPI. An attacker would need either local access to the system or control over the SPI bus to influence the data being read. No authentication is required beyond access to the driver's operation path, but the attack surface is limited to systems that actually use the affected TI ADC chip.

Impact

Successful exploitation could lead to kernel memory corruption, potentially causing system crashes (denial of service) or, in more severe scenarios, arbitrary code execution in kernel context. The severity is rated High (CVSS 7.8), reflecting the potential for full system compromise, though the exact exploitability depends on hardware and kernel configuration.

Mitigation

The fix has been merged into the Linux kernel stable branches via commits referenced above [1][2][3][4]. Users should update their kernel to a version that includes these patches. No workaround is available; the only remedy is to apply the kernel update.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • Linux/Kernel (inferred), 8 versions
    • (no CPE)
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=4.9,<6.1.168)
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
