PatchSiren

CVE-2026-45883 Linux CVE debrief

A resource leak vulnerability in the Linux kernel's SCA3000 industrial I/O (IIO) driver has been resolved. The issue occurred in the `sca3000_probe()` function where `spi->irq` allocated via `request_threaded_irq()` was not released if `iio_device_register()` subsequently failed. The fix adds proper return value checking and error handling to ensure cleanup occurs on registration failure.

  • Vendor: Linux
  • Product: Unknown
  • CVSS: Unknown
  • CISA KEV: Not listed in stored evidence
  • Original CVE published: 2026-05-27
  • Original CVE updated: 2026-05-27
  • Advisory published: 2026-05-27
  • Advisory updated: 2026-05-27

Who should care

System administrators running Linux kernels with SCA3000 accelerometer support; embedded systems using SCA3000 sensors via SPI; security teams tracking kernel driver stability issues

Technical summary

The SCA3000 IIO driver in the Linux kernel contained a resource leak in its probe function. When `iio_device_register()` failed after `request_threaded_irq()` had successfully allocated an IRQ for the SPI device, the IRQ was not freed, leading to resource leakage. The resolution adds proper error handling to jump to a common cleanup path when registration fails, ensuring `spi->irq` is released appropriately. This is a defensive coding fix that prevents resource exhaustion in error scenarios during device initialization.
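The leak and its fix, modelled in userspace C as an added example; this is not the kernel driver source or the upstream patch. The `model_*` stubs and the names `probe_leaky`, `probe_fixed` and `held_after` are hypothetical stand-ins for `request_threaded_irq()`, `free_irq()`, `iio_device_register()` and the probe function.

```c
#include <stdio.h>
/* Userspace model: these stubs stand in for the kernel calls named above. */
static int irqs_held;       /* handlers registered and not yet freed */
static int fail_register;   /* 1 = make device registration fail */

static int model_request_irq(void) { irqs_held++; return 0; }
static void model_free_irq(void) { irqs_held--; }
/* -12 is used as a constructed error value (ENOMEM on Linux). */
static int model_iio_register(void) { return fail_register ? -12 : 0; }

/* Shape of the bug: the registration result is returned with no cleanup. */
static int probe_leaky(void)
{
    int ret = model_request_irq();
    if (ret)
        return ret;
    return model_iio_register();   /* on failure the IRQ stays held */
}

/* Shape of the fix: check the result and unwind through a cleanup label. */
static int probe_fixed(void)
{
    int ret = model_request_irq();
    if (ret)
        return ret;
    ret = model_iio_register();
    if (ret)
        goto error_free_irq;
    return 0;
error_free_irq:
    model_free_irq();
    return ret;
}

/* Run `attempts` probes and report how many IRQs are still held. */
static int held_after(int (*probe)(void), int attempts, int fail)
{
    irqs_held = 0;
    fail_register = fail;
    for (int i = 0; i < attempts; i++)
        probe();
    return irqs_held;
}

int main(void)
{
    printf("leaky, 5 failed probes: %d held\n", held_after(probe_leaky, 5, 1));
    printf("fixed, 5 failed probes: %d held\n", held_after(probe_fixed, 5, 1));
    return 0;
}
```

In the model, each failed probe through the leaky path leaves one more handler registered, while the fixed path returns the same error with nothing held.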

Defensive priority

low

Recommended defensive actions

  • Apply kernel updates containing the referenced stable branch commits when available from your Linux distribution
  • Monitor vendor security advisories for kernel package updates addressing CVE-2026-45883
  • Review systems using SCA3000 accelerometer sensors via SPI interface for potential resource exhaustion under error conditions
  • Consider rebooting systems after kernel updates to ensure the patched driver is loaded

Evidence notes

The vulnerability description indicates this is a resource leak fix in kernel driver probe code. The fix ensures IRQ resources are properly released when device registration fails, preventing resource exhaustion in error paths. Multiple stable kernel branch commits are referenced, indicating backports to supported kernel versions.
