CVE-2026-46219

HIGH

spi: mpc52xx: fix use-after-free on unbind

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free.

References (8)

Core 8

Core References

https://git.kernel.org/stable/c/ac8316c896c79f32c1d0a38cb41fd2b14cf8112e

https://git.kernel.org/stable/c/ed929d40963073f23cfb50219ccbcc6e0c3ea641

https://git.kernel.org/stable/c/0944b20e9dfa2917bd70eb5b301cbb67fe54a718

https://git.kernel.org/stable/c/bb6b50f709c5a01906ff72a07fdc070bb3357188

https://git.kernel.org/stable/c/ee52da0dd83ebcd89ecbbe2660c57b15a25489f2

https://git.kernel.org/stable/c/6c3e413919a12627d04a31a4a5fccb9fc129bb02

https://git.kernel.org/stable/c/bbcd6dd8e9f264440eaf6167382bf404911c1c46

https://git.kernel.org/stable/c/706b3dc2ac7a998c55e14b3fd2e8f934c367e6e0

Scores

CVSS v3 7.8

EPSS 0.0014

EPSS Percentile 3.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (34)

Linux/Linux < 6.13

Linux/Linux 373d55a47dc662e5e30d12ad5d334312f757c1f1 - 0944b20e9dfa2917bd70eb5b301cbb67fe54a718

Linux/Linux 373d55a47dc662e5e30d12ad5d334312f757c1f1

Linux/Linux 5.10.231 - 5.10.258

Linux/Linux 5.10.231 - 5.11

Linux/Linux 5.10.258 - 5.10.*

Linux/Linux 5.15.174 - 5.15.209

Linux/Linux 5.15.174 - 5.16

Linux/Linux 5.15.209 - 5.15.*

Linux/Linux 5.4.287 - 5.5

... and 24 more

Published May 28, 2026

Tracked Since May 28, 2026