CVE-2026-46219
spi: mpc52xx: fix use-after-free on unbind
Description
In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free.
INFO
Published Date :
May 28, 2026, 10:16 a.m.
Last Modified :
June 10, 2026, 6:44 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Cancel state machine work after disabling interrupts.
- Apply the provided kernel patch.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-46219.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-46219 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-46219
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-46219 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-46219 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Jun. 10, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-416 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.287 up to (excluding) 5.5 *cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.66 up to (excluding) 6.6.140 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.19 up to (excluding) 7.0.9 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.231 up to (excluding) 5.10.258 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.174 up to (excluding) 5.15.209 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.120 up to (excluding) 6.1.175 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.12.5 up to (excluding) 6.12.90 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13.1 up to (excluding) 6.18.32 Added Reference Type kernel.org: https://git.kernel.org/stable/c/0944b20e9dfa2917bd70eb5b301cbb67fe54a718 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/6c3e413919a12627d04a31a4a5fccb9fc129bb02 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/706b3dc2ac7a998c55e14b3fd2e8f934c367e6e0 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/ac8316c896c79f32c1d0a38cb41fd2b14cf8112e Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/bb6b50f709c5a01906ff72a07fdc070bb3357188 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/bbcd6dd8e9f264440eaf6167382bf404911c1c46 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/ed929d40963073f23cfb50219ccbcc6e0c3ea641 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/ee52da0dd83ebcd89ecbbe2660c57b15a25489f2 Types: Patch -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 01, 2026
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/0944b20e9dfa2917bd70eb5b301cbb67fe54a718 Added Reference https://git.kernel.org/stable/c/ac8316c896c79f32c1d0a38cb41fd2b14cf8112e Added Reference https://git.kernel.org/stable/c/ed929d40963073f23cfb50219ccbcc6e0c3ea641 -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 28, 2026
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free. Added Reference https://git.kernel.org/stable/c/6c3e413919a12627d04a31a4a5fccb9fc129bb02 Added Reference https://git.kernel.org/stable/c/706b3dc2ac7a998c55e14b3fd2e8f934c367e6e0 Added Reference https://git.kernel.org/stable/c/bb6b50f709c5a01906ff72a07fdc070bb3357188 Added Reference https://git.kernel.org/stable/c/bbcd6dd8e9f264440eaf6167382bf404911c1c46 Added Reference https://git.kernel.org/stable/c/ee52da0dd83ebcd89ecbbe2660c57b15a25489f2