spi: fix statistics allocation

Description

A vulnerability described as critical has been identified in Linux Kernel up to 7.0-rc4. The impacted element is an unknown function of the component spi. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-23475. The attack must originate from the local network. Upgrading the affected component is recommended.

Affected Products

Vendor	Product	Versions
linux	linux kernel	6598b91b5ac32bc756d7c3000a31f775d4ead1c4, 6598b91b5ac32bc756d7c3000a31f775d4ead1c4, 6598b91b5ac32bc756d7c3000a31f775d4ead1c4, 6598b91b5ac32bc756d7c3000a31f775d4ead1c4, 6598b91b5ac32bc756d7c3000a31f775d4ead1c4, 6598b91b5ac32bc756d7c3000a31f775d4ead1c4, 6.0, 6.1.167, 6.6.130, 6.12.78, 6.18.20, 6.19.10, 7.0-rc5

References

Related News (2 articles)

Tier C

VulDB2h ago

CVE-2026-23475 | Linux Kernel up to 7.0-rc4 spi null pointer dereference

→ No new info (linked only)

Tier C

Linux Kernel CVEs3h ago

CVE-2026-23475: spi: fix statistics allocation

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

80c5bd0dca1cc5526ae0f4b273ccd163ed4caa4ef13100b1f5f111989f0750540a795fdef47492afdf30056c78e8bead02d4be020199cabdbec0fef1378b295f67102eef78cf2c28105f60ae1dab5cc1118ce777d39f03cac99231196f820e4f998613a8dee0774bbb2abb172e9069ce5ffef579b12b3ae9

CWECWE-476

PublishedApr 3, 2026

Last enriched2h agov3

Trending Score61

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack