iio: frequency: admv1013: fix NULL pointer dereference on str
CVE-2026-46282

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 June 2026

What is CVE-2026-46282?

In the Linux kernel, the following vulnerability has been resolved:

iio: frequency: admv1013: fix NULL pointer dereference on str

When device_property_read_string() fails, str is left uninitialized but the code falls through to strcmp(str, ...), dereferencing a garbage pointer. Replace manual read/strcmp with device_property_match_property_string() and consolidate the SE mode enums into a single sequential enum, mapping to hardware register values via a switch consistent with other bitfields in the driver.

Several cleanup patches have been applied to this driver recently so this will need a manual backport.

Affected Version(s)

Linux da35a7b526d9b258a2cb8b7816f736a41b32176b < 3a9d8ec2051c2d80158ed7bded5e158c42870037

Linux da35a7b526d9b258a2cb8b7816f736a41b32176b < 5e9f1bad26df3d3afb3cbbfa408b6d6e809708ac

Linux da35a7b526d9b258a2cb8b7816f736a41b32176b < 2dc8d26690bf4e7226409563221c37bc095c94ff

References

https://git.kernel.org/stable/c/3a9d8ec2051c2d80158ed7bde...

https://git.kernel.org/stable/c/5e9f1bad26df3d3afb3cbbfa4...

https://git.kernel.org/stable/c/2dc8d26690bf4e72264095632...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46282 Data

JSON