PT-2026-30169 · Linux · Linux
Published
2026-04-03
·
Updated
2026-04-03
·
CVE-2026-23475
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
spi: fix statistics allocation
The controller per-cpu statistics is not allocated until after the
controller has been registered with driver core, which leaves a window
where accessing the sysfs attributes can trigger a NULL-pointer
dereference.
Fix this by moving the statistics allocation to controller allocation
while tying its lifetime to that of the controller (rather than using
implicit devres).
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux