CVE-2026-43356

Published: May 8, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init The adis_init() function dereferences adis->ops to check if the individual function pointers (write, read, reset) are NULL, but does not first check if adis->ops itself is NULL. Drivers like adis16480, adis16490, adis16545 and others do not set custom ops and rely on adis_init() assigning the defaults. Since struct adis is zero-initialized by devm_iio_device_alloc(), adis->ops is NULL when adis_init() is called, causing a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : adis_init+0xc0/0x118 Call trace: adis_init+0xc0/0x118 adis16480_probe+0xe0/0x670 Fix this by checking if adis->ops is NULL before dereferencing it, falling through to assign the default ops in that case.

Vendor	Product	Versions
Linux	Linux	affected `3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4 - < ba19dd366528b961430f5195c2e382420703074f` affected `3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4 - < 1a48f94c63a078e7b6a2e59a637fc0858dc6510c` affected `3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4 - < 9990cd4f8827bd1ae3fb6eb7407630d8d463c430`
Linux	Linux	affected `6.15` unaffected `0 - < 6.15` unaffected `6.18.19 - <= 6.18.` unaffected `6.19.9 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/ba19dd366528b961430f5195c2e382420703074f

https://git.kernel.org/stable/c/1a48f94c63a078e7b6a2e59a637fc0858dc6510c

https://git.kernel.org/stable/c/9990cd4f8827bd1ae3fb6eb7407630d8d463c430

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43356

Description

Affected Products

References