Volerion logoVolerion
Volerion logoVolerion

Linux Kernel SPI Driver Uninitialized Memory Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's SPI (Serial Peripheral Interface) subsystem. This issue arises because the bus's match() callback is invoked without holding the device lock, allowing unsynchronized access to the driver_override field. The lack of proper locking can lead to a use-after-free condition. The vulnerability affects the Linux kernel SPI driver management, particularly when drivers are probed and matched without adequate synchronization, creating a risk of memory corruption.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.

Added: Apr 22, 2026, 3:10 PM
Updated: Apr 22, 2026, 3:10 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
4.0
remediation
7.7
relevance
6.2
threat
3.2
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.