PatchSiren cyber security CVE debrief
CVE-2026-46301 Linux CVE debrief
A use-after-free vulnerability was discovered in the Linux kernel's spi: topcliff-pch driver. The vulnerability occurs when the driver unbinds, allowing a chance to flush its queue before releasing the DMA buffers.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of the Linux kernel with the spi: topcliff-pch driver enabled should be aware of this vulnerability.
Technical summary
The Linux kernel's spi: topcliff-pch driver has a use-after-free vulnerability. When the driver unbinds, it does not properly handle its queue, leading to a potential use-after-free condition.
Defensive priority
medium
Recommended defensive actions
- Apply the patches provided by the Linux kernel maintainers to fix the vulnerability.
- Ensure that the Linux kernel is updated with the latest security patches.
Evidence notes
The vulnerability was resolved by giving the driver a chance to flush its queue before releasing the DMA buffers on driver unbind.
Official resources
-
CVE-2026-46301 CVE record
CVE.org
-
CVE-2026-46301 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
public