PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46241 Linux CVE debrief

A use-after-free vulnerability exists in the Linux kernel's MPC52xx SPI controller driver. When SPI controller registration fails, the driver previously failed to properly disable and free allocated interrupts, leading to potential use-after-free conditions and resource leaks. The vulnerability was identified during review of a related controller deregistration fix. The fix ensures proper cleanup of interrupt resources on registration failure paths.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Organizations running embedded Linux systems on Freescale/NXP MPC52xx hardware; industrial control system operators using PowerPC-based SPI peripherals; kernel maintainers for embedded distributions with MPC52xx support

Technical summary

The MPC52xx SPI controller driver in the Linux kernel contains a use-after-free vulnerability triggered when controller registration fails. The flaw occurs because interrupt resources are not properly disabled and freed during error handling, leaving dangling pointers and leaked resources. The vulnerability affects embedded systems utilizing Freescale/NXP MPC52xx PowerPC processors with SPI interfaces. Multiple stable kernel branches received fixes via commits addressing the interrupt cleanup sequence in the probe failure path.
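The bug class described above, shown as a simplified user-space model. This is an added example, not the kernel driver's code or the upstream patch. Every name in it (`model_probe`, `irq_table`, `dangling_handlers`, the two-line IRQ count) is hypothetical and chosen for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define NIRQ 2 /* number of interrupt lines in this model (assumption) */

struct ctlr_state { bool allocated; };           /* stands in for driver private data */
struct irq_slot { void *dev_id; bool active; };  /* stands in for one requested IRQ */

static struct ctlr_state pool;  /* static storage: the model never reads freed memory */
static struct irq_slot irq_table[NIRQ];

/* Registration always fails here so the error path is exercised. */
static int model_register_controller(struct ctlr_state *s) { (void)s; return -1; }

/* cleanup_irqs=false models the pre-fix error path, true the corrected one. */
static int model_probe(bool cleanup_irqs)
{
    int i, rc;
    pool.allocated = true;
    for (i = 0; i < NIRQ; i++)      /* request each IRQ with dev_id = driver state */
        irq_table[i] = (struct irq_slot){ &pool, true };
    rc = model_register_controller(&pool);
    if (rc == 0)
        return 0;
    if (cleanup_irqs)               /* release IRQs before the state they point at */
        for (i = 0; i < NIRQ; i++)
            irq_table[i] = (struct irq_slot){ NULL, false };
    pool.allocated = false;         /* state released on failure */
    return rc;
}

/* Handlers still armed whose dev_id refers to released state. */
static int dangling_handlers(void)
{
    int i, n = 0;
    for (i = 0; i < NIRQ; i++)
        if (irq_table[i].active && !((struct ctlr_state *)irq_table[i].dev_id)->allocated)
            n++;
    return n;
}

int main(void)
{
    model_probe(false);
    printf("pre-fix error path: %d dangling handlers\n", dangling_handlers());
    model_probe(true);
    printf("corrected error path: %d dangling handlers\n", dangling_handlers());
    return 0;
}
```

When reviewing a custom build, the property to confirm in the real probe function is the same ordering: every interrupt requested before registration is released on the failure path before the controller state is freed.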

Defensive priority

medium

Recommended defensive actions

  • Review kernel patch commits for MPC52xx SPI driver to verify interrupt cleanup logic in error paths
  • Audit systems using Freescale/NXP MPC52xx-based hardware for kernel versions prior to fix integration
  • Validate SPI controller probe failure handling in custom kernel builds for embedded MPC52xx deployments
  • Monitor stable kernel updates for backported fixes to affected long-term support branches

Evidence notes

Vulnerability description sourced from official CVE record published 2026-05-28. Fix commits identified in kernel.org stable tree. Vendor attribution marked low confidence requiring review due to 'Unknown Vendor' classification in source data.
