CVE-2026-31487

Severity: Medium (CVSS 3.1 base score 5.5)
EPSS: 0.8%
Published: Apr 22, 2026
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: use generic driver_override infrastructure

When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF.

Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally.

Note that calling match() from __driver_attach() without the device lock held is intentional. [1]

Also note that we do not enable the driver_override feature of struct bus_type, as SPI - in contrast to most other buses - passes "" to sysfs_emit() when the driver_override pointer is NULL. Thus, printing "\n" instead of "(null)\n".

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
0.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 11

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.20.1 – <6.12.80
linux   linux_kernel  *        ≥6.13 – <6.18.21
linux   linux_kernel  *        ≥6.19 – <6.19.11
linux   linux_kernel  4.20     any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/c73a58661a760373d08a6883af4f0bb5cc991a67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cc34d77dd48708d810c12bfd6f5bf03304f6c824
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e0ae367a2de06c49aa1de6ec9b1ab6860bbb2cf0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eedf220442d13b6d97294e5b0ac8a2c38ee1a1a0
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/c73a58661a760373d08a6883af4f0bb5cc991a67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cc34d77dd48708d810c12bfd6f5bf03304f6c824
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e0ae367a2de06c49aa1de6ec9b1ab6860bbb2cf0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eedf220442d13b6d97294e5b0ac8a2c38ee1a1a0
    Patch