NULL Pointer Dereference Vulnerability in Linux Kernel affecting MCP23S08 SPI Driver
CVE-2026-53344

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 1 July 2026

What is CVE-2026-53344?

A vulnerability has been identified in the MCP23S08 SPI driver of the Linux kernel, caused by improper initialization of device parameters. Regmap initialization triggers an SPI read that relies on the 'mcp->dev' and 'mcp->addr' fields already being set. If these fields are not yet initialized, a NULL pointer dereference can occur during the probe stage, potentially impacting system stability. The fix corrects the initialization order so that the required values are established before the SPI-related functions are called.
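The ordering problem described above can be modelled in user space. This is an added example, not the kernel driver's code: every name except the `dev` and `addr` fields is hypothetical, and the model returns `-EFAULT` at the point where the kernel would dereference a NULL pointer.

```c
/* User-space model of the probe-ordering bug; not code from the kernel. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

struct device { int id; };              /* stand-in for the kernel's struct device */

struct mcp_model {                      /* hypothetical reduced driver state */
    struct device *dev;                 /* field the read path relies on */
    uint8_t addr;                       /* field the read path relies on */
};

/* Bus read callback. Per the advisory, the read path relies on dev and addr;
 * the model reports -EFAULT instead of crashing on the NULL pointer. */
static int model_spi_read(void *ctx, uint8_t reg, uint8_t *val)
{
    struct mcp_model *mcp = ctx;
    if (mcp->dev == NULL)
        return -EFAULT;
    *val = (uint8_t)(mcp->addr ^ reg);  /* constructed dummy register value */
    return 0;
}

/* Stand-in for regmap initialization that issues a read while initializing. */
static int model_regmap_init(struct mcp_model *mcp)
{
    uint8_t val;
    return model_spi_read(mcp, 0x00, &val);
}

/* Vulnerable ordering: the regmap is initialized before the fields are set. */
int probe_buggy_order(struct device *dev, uint8_t addr)
{
    struct mcp_model mcp = {0};         /* assumption: state starts zeroed */
    int ret = model_regmap_init(&mcp);
    if (ret)
        return ret;
    mcp.dev = dev;                      /* too late: the read already ran */
    mcp.addr = addr;
    return 0;
}

/* Fixed ordering: set the fields first, then run anything that touches the bus. */
int probe_fixed_order(struct device *dev, uint8_t addr)
{
    struct mcp_model mcp = {0};
    mcp.dev = dev;
    mcp.addr = addr;
    return model_regmap_init(&mcp);
}
```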

Affected Version(s)

Linux f9f4fda15e720686f1b2b436591ab11255e4e85e < 3a13bb9540dfd7014c5601608afcbbadbbcfd673

Linux f9f4fda15e720686f1b2b436591ab11255e4e85e < 8473c3a197b57ff01396f7a2ec6ddf65383820d4

Linux 6.19

Timeline

  • Vulnerability published

  • Vulnerability Reserved
