{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45996", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.091Z", "datePublished": "2026-05-27T12:55:50.195Z", "dateUpdated": "2026-05-27T12:55:50.195Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:55:50.195Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: imx: fix use-after-free on unbind\n\nThe SPI subsystem frees the controller and any subsystem allocated\ndriver data as part of deregistration (unless the allocation is device\nmanaged).\n\nTake another reference before deregistering the controller so that the\ndriver data is not freed until the driver is done with it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-imx.c"], "versions": [{"version": "307c897db762d1e0feee9477276b08f6deca4a5b", "lessThan": "f99165ef067723221472ce1aff632bc74f562643", "status": "affected", "versionType": "git"}, {"version": "307c897db762d1e0feee9477276b08f6deca4a5b", "lessThan": "385a330083f8dd47c15b02e9a83aef9234a37003", "status": "affected", "versionType": "git"}, {"version": "307c897db762d1e0feee9477276b08f6deca4a5b", "lessThan": "132e47030b0b5e398e0da6c59df5a5dae9b52cff", "status": "affected", "versionType": "git"}, {"version": "307c897db762d1e0feee9477276b08f6deca4a5b", "lessThan": "aa9025a498036b6012769f7af36d421385386c17", "status": "affected", "versionType": "git"}, {"version": "307c897db762d1e0feee9477276b08f6deca4a5b", "lessThan": "1c78c2002380a1fe31bfb01a3d5f29809e55a096", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-imx.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.140", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.86", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.27", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.6.140"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.12.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.18.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f99165ef067723221472ce1aff632bc74f562643"}, {"url": "https://git.kernel.org/stable/c/385a330083f8dd47c15b02e9a83aef9234a37003"}, {"url": "https://git.kernel.org/stable/c/132e47030b0b5e398e0da6c59df5a5dae9b52cff"}, {"url": "https://git.kernel.org/stable/c/aa9025a498036b6012769f7af36d421385386c17"}, {"url": "https://git.kernel.org/stable/c/1c78c2002380a1fe31bfb01a3d5f29809e55a096"}], "title": "spi: imx: fix use-after-free on unbind", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: imx: fix use-after-free on unbind\n\nThe SPI subsystem frees the controller and any subsystem allocated\ndriver data as part of deregistration (unless the allocation is device\nmanaged).\n\nTake another reference before deregistering the controller so that the\ndriver data is not freed until the driver is done with it."}], "id": "CVE-2026-45996", "lastModified": "2026-05-27T14:48:03.013", "metrics": {}, "published": "2026-05-27T14:17:17.180", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/132e47030b0b5e398e0da6c59df5a5dae9b52cff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1c78c2002380a1fe31bfb01a3d5f29809e55a096"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/385a330083f8dd47c15b02e9a83aef9234a37003"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aa9025a498036b6012769f7af36d421385386c17"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f99165ef067723221472ce1aff632bc74f562643"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{}