{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46226", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.106Z", "datePublished": "2026-05-28T09:40:46.027Z", "dateUpdated": "2026-05-28T09:40:46.027Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-28T09:40:46.027Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl: fix controller deregistration\n\nMake sure to deregister the controller before releasing underlying\nresources like DMA during driver unbind."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-fsl-spi.c"], "versions": [{"version": "4178b6b1b595003cd6e04711b449797a582e44f5", "lessThan": "562d954a144950ec2aa6a874ae657cb3fa31fe53", "status": "affected", "versionType": "git"}, {"version": "4178b6b1b595003cd6e04711b449797a582e44f5", "lessThan": "e888308222375ac28bae69134dae288178718a96", "status": "affected", "versionType": "git"}, {"version": "4178b6b1b595003cd6e04711b449797a582e44f5", "lessThan": "ca3195c7b88362d7c81efe685948663a9f9db0e6", "status": "affected", "versionType": "git"}, {"version": "4178b6b1b595003cd6e04711b449797a582e44f5", "lessThan": "5750743a39c9d46ac9fcf57ffe000956da4942cf", "status": "affected", "versionType": "git"}, {"version": "4178b6b1b595003cd6e04711b449797a582e44f5", "lessThan": "9b7abfed4c3754062d1f3ffd452e65a38667f586", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-fsl-spi.c"], "versions": [{"version": "4.3", "status": "affected"}, {"version": "0", "lessThan": "4.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.140", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.90", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.32", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.9", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.6.140"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.12.90"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.18.32"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "7.0.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/562d954a144950ec2aa6a874ae657cb3fa31fe53"}, {"url": "https://git.kernel.org/stable/c/e888308222375ac28bae69134dae288178718a96"}, {"url": "https://git.kernel.org/stable/c/ca3195c7b88362d7c81efe685948663a9f9db0e6"}, {"url": "https://git.kernel.org/stable/c/5750743a39c9d46ac9fcf57ffe000956da4942cf"}, {"url": "https://git.kernel.org/stable/c/9b7abfed4c3754062d1f3ffd452e65a38667f586"}], "title": "spi: fsl: fix controller deregistration", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D86A75F-1FC5-429D-9B3E-AADA1F797DDA", "versionEndExcluding": "6.6.140", "versionStartIncluding": "4.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BAAA2BE-6EEC-45D5-AD66-50F63CA20483", "versionEndExcluding": "6.12.90", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB9F1FA8-6D5E-42B1-9877-57BACFE5C886", "versionEndExcluding": "6.18.32", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "33ACA10B-B260-46EA-BD50-70EBE5097672", "versionEndExcluding": "7.0.9", "versionStartIncluding": "6.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl: fix controller deregistration\n\nMake sure to deregister the controller before releasing underlying\nresources like DMA during driver unbind."}], "id": "CVE-2026-46226", "lastModified": "2026-06-10T19:04:39.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-05-28T10:16:38.227", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/562d954a144950ec2aa6a874ae657cb3fa31fe53"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5750743a39c9d46ac9fcf57ffe000956da4942cf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9b7abfed4c3754062d1f3ffd452e65a38667f586"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ca3195c7b88362d7c81efe685948663a9f9db0e6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e888308222375ac28bae69134dae288178718a96"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: spi: fsl: fix controller deregistration", "id": "2482657", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482657"}, "csaw": false, "cwe": "CWE-826", "details": ["A flaw was found in the Linux kernel's `spi: fsl` driver. This vulnerability arises from improper sequencing of controller deregistration before releasing underlying resources, such as Direct Memory Access (DMA), during the driver unbind process. This could potentially lead to system instability or a denial of service (DoS) condition."], "name": "CVE-2026-46226", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46226\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46226\nhttps://lore.kernel.org/linux-cve-announce/2026052838-CVE-2026-46226-711b@gregkh/T"]}