CVE-2026-43476 PUBLISHED

iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()

Assigner: Linux
Reserved: 01.05.2026 Published: 13.05.2026 Updated: 13.05.2026

In the Linux kernel, the following vulnerability has been resolved:

iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()

sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead of the intended __be32 element size (4 bytes). Use sizeof(*meas) to correctly match the buffer element type.
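The size mismatch described above, as an added stand-alone example (not the driver's code). `be32_t`, `mock_read`, `excess_bytes` and the two length helpers are hypothetical names, and the bounded mock transport stands in for the I2C read so the oversized request is detected instead of performed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t be32_t;   /* stand-in for the kernel's __be32 (4 bytes) */

/* Length as computed before the fix: sizeof(num) is the size of the
 * counter's type (size_t), not of one buffer element. */
static size_t len_before_fix(const be32_t *meas, size_t num)
{
    (void)meas;
    return sizeof(num) * num;
}

/* Length as computed after the fix: sizeof(*meas) follows the element type. */
static size_t len_after_fix(const be32_t *meas, size_t num)
{
    return sizeof(*meas) * num;
}

/* Hypothetical bounded transport: fills len bytes only if they fit in cap. */
static int mock_read(void *dst, size_t cap, size_t len)
{
    if (len > cap)
        return -1;         /* request is larger than the caller's buffer */
    memset(dst, 0xA5, len);
    return (int)len;
}

/* Bytes by which the requested length exceeds a num-element buffer
 * (0 when the request fits). num must be <= 16 in this constructed sample. */
static size_t excess_bytes(size_t (*len_fn)(const be32_t *, size_t), size_t num)
{
    be32_t meas[16] = {0};
    size_t cap = num * sizeof(meas[0]);
    size_t len = len_fn(meas, num);

    return mock_read(meas, cap, len) < 0 ? len - cap : 0;
}

int main(void)
{
    printf("before fix: %zu excess bytes\n", excess_bytes(len_before_fix, 4));
    printf("after fix:  %zu excess bytes\n", excess_bytes(len_after_fix, 4));
    return 0;
}
```

On a 32-bit build `sizeof(size_t)` equals 4, so both helpers return the same length and the mistake stays hidden there.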

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 8f3f130852785dac0759843835ca97c3bacc2b10 to 9aff2e9c2927ecd9652872a43a0725f101128104 (excl.)
  • affected from 8f3f130852785dac0759843835ca97c3bacc2b10 to 08881d82f94deaa51800360029908863e5c4c39d (excl.)
  • affected from 8f3f130852785dac0759843835ca97c3bacc2b10 to dcdf1e92674efb6692f4ebe189e0aa9fde23a541 (excl.)
  • affected from 8f3f130852785dac0759843835ca97c3bacc2b10 to 2a4d111a6a34afb8bb4f118009e7728ed2ec7e10 (excl.)
  • affected from 8f3f130852785dac0759843835ca97c3bacc2b10 to 90e978ace598567e6e30de79805bddf37cf892ac (excl.)
  • affected from 8f3f130852785dac0759843835ca97c3bacc2b10 to 165f12b40901c6a7aca15796da239726ddcdc5ad (excl.)
  • affected from 8f3f130852785dac0759843835ca97c3bacc2b10 to 216345f98cae7fcc84f49728c67478ac00321c87 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 5.14 is affected
  • unaffected from 0 to 5.14 (excl.)
  • unaffected from 5.15.203 to 5.15.* (incl.)
  • unaffected from 6.1.167 to 6.1.* (incl.)
  • unaffected from 6.6.130 to 6.6.* (incl.)
  • unaffected from 6.12.78 to 6.12.* (incl.)
  • unaffected from 6.18.19 to 6.18.* (incl.)
  • unaffected from 6.19.9 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References