CVE-2026-46192
MEDIUM EPSS 2.2%
Published May 28, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published May 28, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage data at the driver level. Further, transmitting garbage data just bricks the transfer since QSPI doesn't have a dedicated master-out line like MOSI in regular SPI. I'm not entirely sure if the transfer is bricked because of the garbage data being transmitted on the bus or because the core loses track of whether it is supposed to be sending or receiving data.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 4
References 3
- git.kernel.org https://git.kernel.org/stable/c/67184f361ab4d9fac6d2b8d5fed6649d496038a4
- git.kernel.org https://git.kernel.org/stable/c/eb56deaabf127e8985fc91fa6c97bf8a3b062844
- git.kernel.org https://git.kernel.org/stable/c/ec9d0ddbde6003c303fa5e1d5cd48952852984d8
Remediation
- git.kernel.org https://git.kernel.org/stable/c/67184f361ab4d9fac6d2b8d5fed6649d496038a4
- git.kernel.org https://git.kernel.org/stable/c/eb56deaabf127e8985fc91fa6c97bf8a3b062844
- git.kernel.org https://git.kernel.org/stable/c/ec9d0ddbde6003c303fa5e1d5cd48952852984d8