CVE-2026-46282

Source
https://cve.org/CVERecord?id=CVE-2026-46282
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46282.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46282
Downstream
Related
Published
2026-06-08T15:41:25.273Z
Modified
2026-06-18T03:57:00.945612228Z
Summary
iio: frequency: admv1013: fix NULL pointer dereference on str
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: frequency: admv1013: fix NULL pointer dereference on str

When devicepropertyreadstring() fails, str is left uninitialized but the code falls through to strcmp(str, ...), dereferencing a garbage pointer. Replace manual read/strcmp with devicepropertymatchproperty_string() and consolidate the SE mode enums into a single sequential enum, mapping to hardware register values via a switch consistent with other bitfields in the driver.

Several cleanup patches have been applied to this driver recently so this will need a manual backport.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46282.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
da35a7b526d9b258a2cb8b7816f736a41b32176b
Fixed
3a9d8ec2051c2d80158ed7bded5e158c42870037
Fixed
5e9f1bad26df3d3afb3cbbfa408b6d6e809708ac
Fixed
2dc8d26690bf4e7226409563221c37bc095c94ff
Fixed
aac0a51b16700b403a55b67ba495de021db78763

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46282.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.17.0
Fixed
6.12.86
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46282.json"