PatchSiren cyber security CVE debrief
CVE-2026-46296 Linux CVE debrief
A vulnerability was found in the Linux kernel, specifically in the spi: s3c64xx driver. The issue arises from a change that moved DMA channel allocation from the probe() function back to s3c64xx_spi_prepare_transfer(), but failed to remove the corresponding deallocation from the remove() function. This results in a NULL-pointer dereference when the driver is unbound.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of the Linux kernel with the spi: s3c64xx driver
Technical summary
The vulnerability is caused by a change in the DMA channel allocation and deallocation in the spi: s3c64xx driver. The allocation was moved from probe() to s3c64xx_spi_prepare_transfer(), but the deallocation was not removed from remove(). This leads to a NULL-pointer dereference when the driver is unbound.
Defensive priority
Medium
Recommended defensive actions
- Update the Linux kernel to the latest version
- Apply the patch to fix the vulnerability
Evidence notes
The issue was flagged by Sashiko when reviewing a controller deregistration fix.
Official resources
-
CVE-2026-46296 CVE record
CVE.org
-
CVE-2026-46296 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
public