CVE-2026-31389

Summary

In the Linux kernel, the following vulnerability has been resolved:

spi: fix use-after-free on controller registration failure

Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free (of driver resources) and unclocked register accesses.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6598b91b5ac32bc756d7c3000a31f775d4ead1c4 < 0e23f50086da7d0b183dfeac26021acfcdee086baffected
LinuxLinux6598b91b5ac32bc756d7c3000a31f775d4ead1c4 < 6bbd385b30c7fb6c7ee0669e9ada91490938c051affected
LinuxLinux6598b91b5ac32bc756d7c3000a31f775d4ead1c4 < afe27c1f43aa57530011f419be6ddf71306565d2affected
LinuxLinux6598b91b5ac32bc756d7c3000a31f775d4ead1c4 < 80f3e8cd2b4ad355b2ad2024cf423f6d183404f7affected
LinuxLinux6598b91b5ac32bc756d7c3000a31f775d4ead1c4 < 23b51bad2eb8787aa74324cfccefb258515ae5baaffected
LinuxLinux6598b91b5ac32bc756d7c3000a31f775d4ead1c4 < 8634e05b08ead636e926022f4a98416e13440df9affected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.1.167 <= 6.1.*unaffected
LinuxLinux6.6.130 <= 6.6.*unaffected
LinuxLinux6.12.78 <= 6.12.*unaffected
LinuxLinux6.18.20 <= 6.18.*unaffected
LinuxLinux6.19.10 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References