13 May
2026
13 May
'26
10:56 a.m.
The SPI subsystem fixed a Use-After-Free vulnerability by switching to the generic bus-level driver_override infrastructure and removing the driver_override field from struct spi_device. As a result, downstream drivers can no longer access this field directly. Danilo Krummrich (1): spi: use generic driver_override infrastructure Krzysztof Kozlowski (1): spi: Use helper for safer setting of driver_override drivers/spi/spi.c | 43 ++++++++++------------------------------- include/linux/spi/spi.h | 4 +--- 2 files changed, 11 insertions(+), 36 deletions(-) -- 2.22.0