What is GHSA-p23v-v2wc-73m3?

GHSA-p23v-v2wc-73m3 is a security advisory published by GitHub Security Advisories with Medium severity. In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics...

Which CVE IDs does GHSA-p23v-v2wc-73m3 cover?

GHSA-p23v-v2wc-73m3 covers the following CVE IDs: CVE-2026-23475. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-p23v-v2wc-73m3?

GHSA-p23v-v2wc-73m3 has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-p23v-v2wc-73m3MediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics...

Vendor

GitHub Security Advisories

Published

April 3, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-23475 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

spi: fix statistics allocation

The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a NULL-pointer dereference.

Fix this by moving the statistics allocation to controller allocation while tying its lifetime to that of the controller (rather than using implicit devres).

🔗 References (8)

https://nvd.nist.gov/vuln/detail/CVE-2026-23475
https://git.kernel.org/stable/c/118ce777d39f03cac99231196f820e4f998613a8
https://git.kernel.org/stable/c/378b295f67102eef78cf2c28105f60ae1dab5cc1
https://git.kernel.org/stable/c/80c5bd0dca1cc5526ae0f4b273ccd163ed4caa4e
https://git.kernel.org/stable/c/dee0774bbb2abb172e9069ce5ffef579b12b3ae9
https://git.kernel.org/stable/c/df30056c78e8bead02d4be020199cabdbec0fef1
https://git.kernel.org/stable/c/f13100b1f5f111989f0750540a795fdef47492af
https://github.com/advisories/GHSA-p23v-v2wc-73m3