{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31485", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.101Z", "datePublished": "2026-04-22T13:54:10.892Z", "dateUpdated": "2026-05-11T22:09:38.585Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:09:38.585Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-lpspi: fix teardown order issue (UAF)\n\nThere is a teardown order issue in the driver. The SPI controller is\nregistered using devm_spi_register_controller(), which delays\nunregistration of the SPI controller until after the fsl_lpspi_remove()\nfunction returns.\n\nAs the fsl_lpspi_remove() function synchronously tears down the DMA\nchannels, a running SPI transfer triggers the following NULL pointer\ndereference due to use after free:\n\n| fsl_lpspi 42550000.spi: I/O Error in DMA RX\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[...]\n| Call trace:\n| fsl_lpspi_dma_transfer+0x260/0x340 [spi_fsl_lpspi]\n| fsl_lpspi_transfer_one+0x198/0x448 [spi_fsl_lpspi]\n| spi_transfer_one_message+0x49c/0x7c8\n| __spi_pump_transfer_message+0x120/0x420\n| __spi_sync+0x2c4/0x520\n| spi_sync+0x34/0x60\n| spidev_message+0x20c/0x378 [spidev]\n| spidev_ioctl+0x398/0x750 [spidev]\n[...]\n\nSwitch from devm_spi_register_controller() to spi_register_controller() in\nfsl_lpspi_probe() and add the corresponding spi_unregister_controller() in\nfsl_lpspi_remove()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-fsl-lpspi.c"], "versions": [{"version": "5314987de5e5f5e38436ef4a69328bc472bbd63e", "lessThan": "fbe6f40caeebb0b1ea9dfedc259124c1d3cda7a6", "status": "affected", "versionType": "git"}, {"version": "5314987de5e5f5e38436ef4a69328bc472bbd63e", "lessThan": "ca4483f36ac1b62e69f8b182c5b8f059e0abecfb", "status": "affected", "versionType": "git"}, {"version": "5314987de5e5f5e38436ef4a69328bc472bbd63e", "lessThan": "e3fd54f8b0317fbccc103961ddd660f2a32dcf0b", "status": "affected", "versionType": "git"}, {"version": "5314987de5e5f5e38436ef4a69328bc472bbd63e", "lessThan": "adb25339b66112393fd6892ceff926765feb5b86", "status": "affected", "versionType": "git"}, {"version": "5314987de5e5f5e38436ef4a69328bc472bbd63e", "lessThan": "d5d01f24bc6fbde40b4e567ef9160194b61267bc", "status": "affected", "versionType": "git"}, {"version": "5314987de5e5f5e38436ef4a69328bc472bbd63e", "lessThan": "e89e2b97253c124d37bf88e96e5e8ce5c3aeeec3", "status": "affected", "versionType": "git"}, {"version": "5314987de5e5f5e38436ef4a69328bc472bbd63e", "lessThan": "15650dfbaeeb14bcaaf053b93cf631db8d465300", "status": "affected", "versionType": "git"}, {"version": "5314987de5e5f5e38436ef4a69328bc472bbd63e", "lessThan": "b341c1176f2e001b3adf0b47154fc31589f7410e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-fsl-lpspi.c"], "versions": [{"version": "4.10", "status": "affected"}, {"version": "0", "lessThan": "4.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.131", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.6.131"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fbe6f40caeebb0b1ea9dfedc259124c1d3cda7a6"}, {"url": "https://git.kernel.org/stable/c/ca4483f36ac1b62e69f8b182c5b8f059e0abecfb"}, {"url": "https://git.kernel.org/stable/c/e3fd54f8b0317fbccc103961ddd660f2a32dcf0b"}, {"url": "https://git.kernel.org/stable/c/adb25339b66112393fd6892ceff926765feb5b86"}, {"url": "https://git.kernel.org/stable/c/d5d01f24bc6fbde40b4e567ef9160194b61267bc"}, {"url": "https://git.kernel.org/stable/c/e89e2b97253c124d37bf88e96e5e8ce5c3aeeec3"}, {"url": "https://git.kernel.org/stable/c/15650dfbaeeb14bcaaf053b93cf631db8d465300"}, {"url": "https://git.kernel.org/stable/c/b341c1176f2e001b3adf0b47154fc31589f7410e"}], "title": "spi: spi-fsl-lpspi: fix teardown order issue (UAF)", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0D3F33A-9B37-46EB-A8C3-97B2F00C65EB", "versionEndExcluding": "5.10.253", "versionStartIncluding": "4.10.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20DDB3E9-AABF-4107-ADB0-5362AA067045", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B", "versionEndExcluding": "6.1.168", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE6ED4D4-0046-4573-BFA9-D64143B6A89F", "versionEndExcluding": "6.6.131", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6", "versionEndExcluding": "6.12.80", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED39847A-3B46-4729-B7CA-B2C30B9FA8FE", "versionEndExcluding": "6.18.21", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA2E747-A9EC-4518-9AA2-B4247FC748B7", "versionEndExcluding": "6.19.11", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.10:-:*:*:*:*:*:*", "matchCriteriaId": "C201E405-86F2-4F96-984A-00A865219C86", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-lpspi: fix teardown order issue (UAF)\n\nThere is a teardown order issue in the driver. The SPI controller is\nregistered using devm_spi_register_controller(), which delays\nunregistration of the SPI controller until after the fsl_lpspi_remove()\nfunction returns.\n\nAs the fsl_lpspi_remove() function synchronously tears down the DMA\nchannels, a running SPI transfer triggers the following NULL pointer\ndereference due to use after free:\n\n| fsl_lpspi 42550000.spi: I/O Error in DMA RX\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[...]\n| Call trace:\n| fsl_lpspi_dma_transfer+0x260/0x340 [spi_fsl_lpspi]\n| fsl_lpspi_transfer_one+0x198/0x448 [spi_fsl_lpspi]\n| spi_transfer_one_message+0x49c/0x7c8\n| __spi_pump_transfer_message+0x120/0x420\n| __spi_sync+0x2c4/0x520\n| spi_sync+0x34/0x60\n| spidev_message+0x20c/0x378 [spidev]\n| spidev_ioctl+0x398/0x750 [spidev]\n[...]\n\nSwitch from devm_spi_register_controller() to spi_register_controller() in\nfsl_lpspi_probe() and add the corresponding spi_unregister_controller() in\nfsl_lpspi_remove()."}], "id": "CVE-2026-31485", "lastModified": "2026-04-28T13:12:24.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T14:16:45.923", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/15650dfbaeeb14bcaaf053b93cf631db8d465300"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/adb25339b66112393fd6892ceff926765feb5b86"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b341c1176f2e001b3adf0b47154fc31589f7410e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ca4483f36ac1b62e69f8b182c5b8f059e0abecfb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d5d01f24bc6fbde40b4e567ef9160194b61267bc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e3fd54f8b0317fbccc103961ddd660f2a32dcf0b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e89e2b97253c124d37bf88e96e5e8ce5c3aeeec3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fbe6f40caeebb0b1ea9dfedc259124c1d3cda7a6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: spi: spi-fsl-lpspi: fix teardown order issue (UAF)", "id": "2460648", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460648"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in the `spi-fsl-lpspi` driver within the Linux kernel. This vulnerability, identified as a Use-After-Free (UAF) issue, stems from a teardown order problem during the unregistration of the Serial Peripheral Interface (SPI) controller. When a running SPI transfer attempts to access deallocated memory during the synchronous teardown of Direct Memory Access (DMA) channels, it can lead to a NULL pointer dereference. This ultimately causes the system to crash, resulting in a Denial of Service (DoS)."], "name": "CVE-2026-31485", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31485\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31485\nhttps://lore.kernel.org/linux-cve-announce/2026042259-CVE-2026-31485-e15c@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[5314987de5e5f5e38436ef4a69328bc472bbd63e,fbe6f40caeebb0b1ea9dfedc259124c1d3cda7a6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[5314987de5e5f5e38436ef4a69328bc472bbd63e,ca4483f36ac1b62e69f8b182c5b8f059e0abecfb)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[5314987de5e5f5e38436ef4a69328bc472bbd63e,e3fd54f8b0317fbccc103961ddd660f2a32dcf0b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[5314987de5e5f5e38436ef4a69328bc472bbd63e,adb25339b66112393fd6892ceff926765feb5b86)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[5314987de5e5f5e38436ef4a69328bc472bbd63e,d5d01f24bc6fbde40b4e567ef9160194b61267bc)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[5314987de5e5f5e38436ef4a69328bc472bbd63e,e89e2b97253c124d37bf88e96e5e8ce5c3aeeec3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[5314987de5e5f5e38436ef4a69328bc472bbd63e,15650dfbaeeb14bcaaf053b93cf631db8d465300)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[5314987de5e5f5e38436ef4a69328bc472bbd63e,b341c1176f2e001b3adf0b47154fc31589f7410e)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[4.10,4.10]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,4.10)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[5.10.253,5.10.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[5.15.203,5.15.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.1.168,6.1.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.6.131,6.6.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.12.80,6.12.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.21,6.18.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19.11,6.19.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-29T02:46:44.320778+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a patched release that replaces devm_spi_register_controller with spi_register_controller and adds spi_unregister_controller during removal.", "If a patched kernel is not available, restrict access to the SPI device node (e.g., /dev/spidev*) or disable spidev services to prevent transfers while the driver is being removed.", "Reboot the system after applying the update or disabling the device to fully restart the driver and verify that no kernel PANIC messages appear in system logs."], "summary": {"action": "Patch now", "impact": "Kernel crash resulting in denial of service"}, "threat_synthesis": {"affected_systems": "Based on the CPE entries, the affected kernels include Linux 4.10 and the 7.0 release candidates rc1 through rc7. The vendor/product details\u2014Freescale/NXP LPSPI driver\u2014are inferred from the driver name and are not explicitly specified in the input. Any Linux system that loads the spi\u2011fsl\u2011lpspi module or provides access to /dev/spidev* (e.g., embedded devices, routers, virtual machines) is potentially within scope.", "description_and_impact": "The spi-fsl-lpspi driver contains a teardown order bug that causes a use\u2011after\u2011free of the DMA channel structures while a SPI transfer is in progress. This results in a NULL pointer dereference in fsl_lpspi_dma_transfer, triggering a kernel panic and potentially terminating critical services. The crash therefore produces a local denial of service.", "risk_and_exploitability": "The CVSS score of 7.8 and an EPSS < 1% indicate high severity but a very low likelihood of exploitation. Based on the description, the likely attack vector is a local attacker with access to /dev/spidev who initiates a transfer during driver removal, which generally requires privileged access to the device node. No mechanism for remote code execution or privilege escalation is provided. The flaw is not listed in CISA KEV and no public exploits are known, further reducing operational risk."}}}}, "created": "2026-04-22T18:30:23.554718+00:00", "updated": "2026-04-29T03:00:12.343098+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}