Unclocked Access Vulnerability in Cadence QuadSPI Driver for Linux Kernel
CVE-2026-46203

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46203?

A vulnerability in the Cadence QuadSPI driver for the Linux kernel has been identified, which pertains to unclocked register access during the driver unbind process. Specifically, if the controller is not properly runtime resumed before being disabled, it can lead to undefined behavior. This problem was flagged during a review of a controller deregistration fix. Addressing this issue is crucial to ensure the stability and security of the Linux kernel environment.

Affected Version(s)

Linux 0578a6dbfe7514db7134501cf93acc21cf13e479

Linux 0578a6dbfe7514db7134501cf93acc21cf13e479 < 233db2cb14db8b1935dda52a6affd97276462b82

Linux 6.7

References

https://git.kernel.org/stable/c/d67a5311818b3e6481a1e4293...

https://git.kernel.org/stable/c/233db2cb14db8b1935dda52a6...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46203 Data

JSON