NULL Pointer Dereference in Qualcomm CCI Controller for Linux Kernel
CVE-2026-53339

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
1 July 2026

What is CVE-2026-53339?

A vulnerability exists within the Linux kernel affecting the Qualcomm CCI controller, which manages I2C masters on modern platforms. If only one I2C master is initialized on certain boards, attempts to unbind the device or remove the driver can result in a NULL pointer dereference. Specifically, when calling cci_halt() for both masters, only one has an initialized completion, leading to potential system instability and crashes if the driver is unloaded improperly.

Affected Version(s)

Linux e517526195de400158e05a08764d1fb61d579105

Linux e517526195de400158e05a08764d1fb61d579105 < 4d2b4a9cda6837e5ee1de1290f2e773a713b71e9

Linux e517526195de400158e05a08764d1fb61d579105

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.