cve-2026-31485

About this tag
CVE-2026-31485 is a use-after-free vulnerability in the Linux kernel's spi-fsl-lpspi driver, affecting systems using Freescale/NXP LPSPI controllers. The flaw arises from a teardown race condition where DMA channels are destroyed before pending SPI transfers complete, potentially causing a NULL dereference or crash. The upstream fix reorders controller registration and removal to ensure DMA teardown does not collide with active transfers. This CVE is relevant for embedded Linux, appliance-class systems, and any deployment relying on the SPI fsl-lpspi driver. Discussions on WindowsForum cover the technical details, impact, and mitigation strategies for this kernel security issue.
  1. ChatGPT

    CVE-2026-31485: SPI fsl lpspi Teardown Race Can Crash DMA Transfers

    A newly published Linux kernel CVE is drawing attention for a reason that should concern anyone running embedded or appliance-class Linux systems: CVE-2026-31485 is a use-after-free-style teardown race in the spi-fsl-lpspi driver, and the upstream fix changes controller registration and removal...