High severity7.8NVD Advisory· Published May 27, 2026· Updated Jun 16, 2026
CVE-2026-45996
CVE-2026-45996
Description
In the Linux kernel, the following vulnerability has been resolved:
spi: imx: fix use-after-free on unbind
The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration (unless the allocation is device managed).
Take another reference before deregistering the controller so that the driver data is not freed until the driver is done with it.
Affected products
3Patches
Vulnerability mechanics
References
5- git.kernel.org/stable/c/132e47030b0b5e398e0da6c59df5a5dae9b52cffnvdPatch
- git.kernel.org/stable/c/1c78c2002380a1fe31bfb01a3d5f29809e55a096nvdPatch
- git.kernel.org/stable/c/385a330083f8dd47c15b02e9a83aef9234a37003nvdPatch
- git.kernel.org/stable/c/aa9025a498036b6012769f7af36d421385386c17nvdPatch
- git.kernel.org/stable/c/f99165ef067723221472ce1aff632bc74f562643nvdPatch
News mentions
0No linked articles in our index yet.