CVE-2026-31487

In the Linux kernel, the following vulnerability has been resolved:

spi: use generic driver_override infrastructure

When a driver is probed through __driver_attach(), the bus’ match()
callback is called without the device lock held, thus accessing the
driver_override field without a lock, which can cause a UAF.

Fix this by using the driver-core driver_override infrastructure taking
care of proper locking internally.

Note that calling match() from __driver_attach() without the device lock
held is intentional. [1]

Also note that we do not enable the driver_override feature of struct
bus_type, as SPI – in contrast to most other buses – passes “” to
sysfs_emit() when the driver_override pointer is NULL. Thus, printing
“n” instead of “(null)n”.

More information : https://git.kernel.org/stable/c/c73a58661a760373d08a6883af4f0bb5cc991a67