NULL Pointer Dereference Vulnerability in Linux Kernel affecting MCP23S08 SPI Driver
CVE-2026-53344
Currently unrated
What is CVE-2026-53344?
A vulnerability has been identified in the MCP23S08 SPI driver of the Linux kernel, arising from improper initialization of device parameters. Regmap initialization triggers an SPI read that relies on the 'mcp->dev' and 'mcp->addr' fields already being set. If these fields are not initialized, a NULL pointer dereference can occur during the probe stage, potentially impacting system stability. The fix corrects the initialization order so that the required values are set before the SPI-related functions are called.
Affected Version(s)
Linux f9f4fda15e720686f1b2b436591ab11255e4e85e < 3a13bb9540dfd7014c5601608afcbbadbbcfd673
Linux f9f4fda15e720686f1b2b436591ab11255e4e85e < 8473c3a197b57ff01396f7a2ec6ddf65383820d4
Linux 6.19