CVE Catalog

CVE-2026-46282

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

In the Linux kernel, the admv1013 frequency driver has a NULL pointer dereference vulnerability. When device_property_read_string() fails, the str variable remains uninitialized, and the code proceeds to strcmp(str, ...), dereferencing garbage memory.

Risk Assessment

An attacker could trigger a kernel panic or potentially escalate privileges by controlling the uninitialized memory, leading to system instability or compromise.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit resolving the issue). For embedded systems using the admv1013 driver, manual backport of the patch is recommended.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When device_property_read_string() fails, str is left uninitialized but the code falls through to strcmp(str, ...), dereferencing a garbage pointer. Replace manual read/strcmp with device_property_match_property_string() and consolidate the SE mode enums into a single sequential enum, mapping to hardware register values via a switch consistent with other bitfields in the driver. Several cleanup patches have been applied to this driver recently so this will need a manual backport.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS