CVE-2026-43476

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the sps30 i2c read meas() function within the iio: chemical: sps30 i2c component. The sizeof(num) expression incorrectly evaluates to the size of size t (8 bytes on 64-bit systems) rather than the intended be32 element size (4 bytes). This results in an incorrect buffer size calculation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.