CVE-2026-46203— spi: cadence-quadspi: fix unclocked access on unbind

AI Predicted 3.3 Difficulty: Easy EPSS 0.02% · P5 Updated May 28, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 6

Vendor	Product	Version Range	Status
Linux	Linux	`0578a6dbfe7514db7134501cf93acc21cf13e479< d67a5311818b3e6481a1e4293c9337ebfee73111`	affected
		`0578a6dbfe7514db7134501cf93acc21cf13e479< 233db2cb14db8b1935dda52a6affd97276462b82`	affected
		`6.7`	affected
		`< 6.7`	unaffected
		`7.0.9≤ 7.0.*`	unaffected
		`7.1-rc2≤ *`	unaffected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-46203

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

spi: cadence-quadspi: fix unclocked access on unbind

Source: NVD (National Vulnerability Database)

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: fix unclocked access on unbind Make sure that the controller is runtime resumed before disabling it during driver unbind to avoid an unclocked register access. This issue was flagged by Sashiko when reviewing a controller deregistration fix.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux kernel 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于spi cadence-quadspi驱动在解除绑定时未确保控制器处于运行时唤醒状态，可能导致未时钟访问寄存器。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Linux	Linux	0578a6dbfe7514db7134501cf93acc21cf13e479 ~ d67a5311818b3e6481a1e4293c9337ebfee73111	-
Linux	Linux	6.7	-

II. Public POCs for CVE-2026-46203

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-46203

请登录查看更多情报信息。

Patches & Fixes for CVE-2026-46203 (2)

https://nvd.nist.gov/vuln/detail/CVE-2026-46203

Same Patch Batch · Linux · 2026-05-28 · 138 CVEs total

CVE-2026-46189		RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
CVE-2026-46207		vsock/virtio: fix empty payload in tap skb for non-linear buffers
CVE-2026-46206		batman-adv: reject new tp_meter sessions during teardown
CVE-2026-46205		staging: media: atomisp: Disallow all private IOCTLs
CVE-2026-46204		drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
CVE-2026-46202		HID: appletb-kbd: run inactivity autodim from workqueues
CVE-2026-46201		drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import()
CVE-2026-46200		spi: mpc52xx: fix controller deregistration
CVE-2026-46199		drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
CVE-2026-46198		batman-adv: fix integer overflow on buff_pos
CVE-2026-46197		drm/amdkfd: validate SVM ioctl nattr against buffer size
CVE-2026-46196		tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
CVE-2026-46195		smb: client: validate dacloffset before building DACL pointers
CVE-2026-46193		xfrm: ah: account for ESN high bits in async callbacks
CVE-2026-46194		f2fs: fix node_cnt race between extent node destroy and writeback
CVE-2026-46192		spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad op
CVE-2026-46191		fbcon: Avoid OOB font access if console rotation fails
CVE-2026-46190		mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
CVE-2026-46179		ASoC: SOF: Don't allow pointer operations on unconfigured streams
CVE-2026-46177		ipmi: Add limits to event and receive message requests

Showing top 20 of 138 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux

Same vendor: Linux

V. Comments for CVE-2026-46203

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-46203— spi: cadence-quadspi: fix unclocked access on unbind

Possible ATT&CK Techniques 1AI

Affected Version Matrix 6

I. Basic Information for CVE-2026-46203

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-46203

III. Intelligence Information for CVE-2026-46203

Patches & Fixes for CVE-2026-46203 (2)

Same Patch Batch · Linux · 2026-05-28 · 138 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-46203

Leave a comment