CVE-2026-46241

HIGH

spi: mpc52xx: fix use-after-free on registration failure

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on registration failure Make sure to disable and free the interrupts in case controller registration fails to avoid a potential use-after-free and resource leak. This issue was flagged by Sashiko when reviewing a controller deregistration fix.

References (4)

Core 4

Core References

https://git.kernel.org/stable/c/8b49b6aadd0c622ca7d68b4a53ae10362e221cf3

https://git.kernel.org/stable/c/336d9ad7560b3baba17af06727a888040ee93390

https://git.kernel.org/stable/c/5c77f11b9b5f1ad5a704dad875260c44016ede10

https://git.kernel.org/stable/c/f62c060272b9d7423b1650b844e8e4e7b8f9f925

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 2.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (12)

Linux/Linux < 2.6.33

Linux/Linux 2.6.33

Linux/Linux 42bbb70980f3720b0ae6da6af862af0e95a04351 - 336d9ad7560b3baba17af06727a888040ee93390

Linux/Linux 42bbb70980f3720b0ae6da6af862af0e95a04351 - 5c77f11b9b5f1ad5a704dad875260c44016ede10

Linux/Linux 42bbb70980f3720b0ae6da6af862af0e95a04351 - 8b49b6aadd0c622ca7d68b4a53ae10362e221cf3

Linux/Linux 42bbb70980f3720b0ae6da6af862af0e95a04351 - f62c060272b9d7423b1650b844e8e4e7b8f9f925

Linux/Linux 6.12.90 - 6.12.*

Linux/Linux 6.18.32 - 6.18.*

Linux/Linux 7.0.9 - 7.0.*

Linux/Linux 7.1

... and 2 more

Published May 28, 2026

Tracked Since May 28, 2026