{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46301", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.111Z", "datePublished": "2026-06-08T15:46:28.004Z", "dateUpdated": "2026-06-14T18:07:38.861Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-14T18:07:38.861Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: topcliff-pch: fix use-after-free on unbind\n\nGive the driver a chance to flush its queue before releasing the DMA\nbuffers on driver unbind"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-topcliff-pch.c"], "versions": [{"version": "c37f3c2749b53225d36faa5c583203c5f12ae15b", "lessThan": "43334836b907adc21eab3079d2e6b26754468786", "status": "affected", "versionType": "git"}, {"version": "c37f3c2749b53225d36faa5c583203c5f12ae15b", "lessThan": "36e58c436d2c2a797800427dc04d74ffd8b6ce1c", "status": "affected", "versionType": "git"}, {"version": "c37f3c2749b53225d36faa5c583203c5f12ae15b", "lessThan": "4ca90deeca1c7dd72c1c380ba8143565516def2d", "status": "affected", "versionType": "git"}, {"version": "c37f3c2749b53225d36faa5c583203c5f12ae15b", "lessThan": "d79e92161b65832e0b8cad5f3d84d17e5cd7a970", "status": "affected", "versionType": "git"}, {"version": "c37f3c2749b53225d36faa5c583203c5f12ae15b", "lessThan": "8822980668c96b5aa251c1e2daec1873262b8f3f", "status": "affected", "versionType": "git"}, {"version": "c37f3c2749b53225d36faa5c583203c5f12ae15b", "lessThan": "d50ef3553acbacce6f2843304d41d06dca358bb6", "status": "affected", "versionType": "git"}, {"version": "c37f3c2749b53225d36faa5c583203c5f12ae15b", "lessThan": "0e8e57f9737ea257634db1d152fc430a0788a3e1", "status": "affected", "versionType": "git"}, {"version": "c37f3c2749b53225d36faa5c583203c5f12ae15b", "lessThan": "9d72732fe70c11424bc90ed466c7ccfa58b42a9a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-topcliff-pch.c"], "versions": [{"version": "3.1", "status": "affected"}, {"version": "0", "lessThan": "3.1", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.258", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.209", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.175", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.140", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.88", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.30", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.7", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "5.10.258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "5.15.209"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.1.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.6.140"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.12.88"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "6.18.30"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "7.0.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/43334836b907adc21eab3079d2e6b26754468786"}, {"url": "https://git.kernel.org/stable/c/36e58c436d2c2a797800427dc04d74ffd8b6ce1c"}, {"url": "https://git.kernel.org/stable/c/4ca90deeca1c7dd72c1c380ba8143565516def2d"}, {"url": "https://git.kernel.org/stable/c/d79e92161b65832e0b8cad5f3d84d17e5cd7a970"}, {"url": "https://git.kernel.org/stable/c/8822980668c96b5aa251c1e2daec1873262b8f3f"}, {"url": "https://git.kernel.org/stable/c/d50ef3553acbacce6f2843304d41d06dca358bb6"}, {"url": "https://git.kernel.org/stable/c/0e8e57f9737ea257634db1d152fc430a0788a3e1"}, {"url": "https://git.kernel.org/stable/c/9d72732fe70c11424bc90ed466c7ccfa58b42a9a"}], "title": "spi: topcliff-pch: fix use-after-free on unbind", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: topcliff-pch: fix use-after-free on unbind\n\nGive the driver a chance to flush its queue before releasing the DMA\nbuffers on driver unbind"}], "id": "CVE-2026-46301", "lastModified": "2026-06-08T17:16:48.560", "metrics": {}, "published": "2026-06-08T17:16:48.560", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0e8e57f9737ea257634db1d152fc430a0788a3e1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/36e58c436d2c2a797800427dc04d74ffd8b6ce1c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/43334836b907adc21eab3079d2e6b26754468786"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4ca90deeca1c7dd72c1c380ba8143565516def2d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8822980668c96b5aa251c1e2daec1873262b8f3f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9d72732fe70c11424bc90ed466c7ccfa58b42a9a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d50ef3553acbacce6f2843304d41d06dca358bb6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d79e92161b65832e0b8cad5f3d84d17e5cd7a970"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: spi: topcliff-pch: fix use-after-free on unbind", "id": "2486450", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486450"}, "csaw": false, "cwe": "CWE-825", "details": ["A flaw was found in the Linux kernel's spi-topcliff-pch driver. This vulnerability, a use-after-free error, occurs when the driver attempts to release Direct Memory Access (DMA) buffers during an unbind operation without properly flushing its queue. An attacker could potentially exploit this memory corruption issue to cause a denial of service or, in some scenarios, achieve arbitrary code execution."], "name": "CVE-2026-46301", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46301\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46301\nhttps://lore.kernel.org/linux-cve-announce/2026060859-CVE-2026-46301-5988@gregkh/T"]}