NULL pointer dereference in Linux kernel - CVE-2026-23475
Published: April 6, 2026
Vulnerability identifier: #VU124897
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23475
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a NULL-pointer dereference in the spi controller sysfs attributes when handling sysfs attribute access before controller statistics allocation. A remote attacker can access the affected sysfs attributes during this window to cause a denial of service.
The issue occurs because controller per-cpu statistics are not allocated until after the controller has been registered, creating a race window that can crash the kernel.
How to mitigate CVE-2026-23475
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/118ce777d39f03cac99231196f820e4f998613a8
- https://git.kernel.org/stable/c/378b295f67102eef78cf2c28105f60ae1dab5cc1
- https://git.kernel.org/stable/c/80c5bd0dca1cc5526ae0f4b273ccd163ed4caa4e
- https://git.kernel.org/stable/c/dee0774bbb2abb172e9069ce5ffef579b12b3ae9
- https://git.kernel.org/stable/c/df30056c78e8bead02d4be020199cabdbec0fef1
- https://git.kernel.org/stable/c/f13100b1f5f111989f0750540a795fdef47492af