CVE-2026-46296

Source
https://cve.org/CVERecord?id=CVE-2026-46296
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46296.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46296
Downstream
Related
Published
2026-06-08T15:46:23.539Z
Modified
2026-07-10T03:54:02.642538025Z
Summary
spi: s3c64xx: fix NULL-deref on driver unbind
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: s3c64xx: fix NULL-deref on driver unbind

A change moving DMA channel allocation from probe() back to s3c64xxspiprepare_transfer() failed to remove the corresponding deallocation from remove().

Drop the bogus DMA channel release from remove() to avoid triggering a NULL-pointer dereference on driver unbind.

This issue was flagged by Sashiko when reviewing a controller deregistration fix.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46296.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f52b03c707444c5a3d1a0b9c5724f93ddc3c588e
Fixed
29e219a18e21258bdb4ee12cecd0e9ec87d7e6a7
Fixed
1108b8722b9ff0cdd3e8aa18d98244fcd93b6760
Fixed
323a258f4b1916b5a3098618e036e033b2f2317f
Fixed
1b66f16a571a10ba8889ac471755c8af9c5b9266
Fixed
22788b1a8611380b141e09a8896702e32d164238
Fixed
45daacbead8a009844bd5dba6cfa731332184d17

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46296.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.88
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.30
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46296.json"