PatchSiren cyber security CVE debrief
CVE-2026-46282 Linux CVE debrief
A NULL pointer dereference vulnerability was found in the Linux kernel's iio: frequency: admv1013 driver. When device_property_read_string() fails, the code falls through to strcmp(), dereferencing a garbage pointer. This issue has been resolved by replacing manual read/strcmp with device_property_match_property_string().
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Linux kernel users and administrators
Technical summary
The Linux kernel's iio: frequency: admv1013 driver is vulnerable to a NULL pointer dereference. The issue arises when device_property_read_string() fails, leaving the 'str' variable uninitialized. The code then attempts to compare 'str' using strcmp(), which can lead to a garbage pointer dereference.
Defensive priority
High
Recommended defensive actions
- Apply the patches provided in the kernel.org references
- Use device_property_match_property_string() to safely match property strings
Evidence notes
The CVE record and NVD detail pages provide information on this vulnerability.
Official resources
-
CVE-2026-46282 CVE record
CVE.org
-
CVE-2026-46282 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVE-2026-46282 was published on 2026-06-08T17:16:45.940Z and has not been modified since.