CVE-2026-31489

Summary

In the Linux kernel, the following vulnerability has been resolved:

spi: meson-spicc: Fix double-put in remove path

meson_spicc_probe() registers the controller with devm_spi_register_controller(), so teardown already drops the controller reference via devm cleanup.

Calling spi_controller_put() again in meson_spicc_remove() causes a double-put.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux05565b469358a9a03034f7f712d83590a9f125a4 < 01f5f7976c24d6e9beef6b5a410af3b9b1d4d476affected
LinuxLinux8311ee2164c5cd1b63a601ea366f540eae89f10e < d61bcec3aec6f0244a9b963e0c76c00f771d49b6affected
LinuxLinux8311ee2164c5cd1b63a601ea366f540eae89f10e < 7434c64ddae88a02e7fb478bc256cc100d48d3e3affected
LinuxLinux8311ee2164c5cd1b63a601ea366f540eae89f10e < 0d645c6d13fa0597935d3d16b09a7ba5d24ed284affected
LinuxLinux8311ee2164c5cd1b63a601ea366f540eae89f10e < 40ad0334c17b23d8b66b1082ad1478a6202e90e2affected
LinuxLinux8311ee2164c5cd1b63a601ea366f540eae89f10e < da06a104f0486355073ff0d1bcb1fcbebb7080d6affected
LinuxLinux8311ee2164c5cd1b63a601ea366f540eae89f10e < 9b812ceb75a6260c17c91db4b9e74ead8cfa06f5affected
LinuxLinux8311ee2164c5cd1b63a601ea366f540eae89f10e < 63542bb402b7013171c9f621c28b609eda4dbf1faffected
LinuxLinuxff056817560d72363b463ddac27822dc8c121280affected
LinuxLinux683b47d0ebb10ba0d272604b09686e023d10d40caffected
LinuxLinuxa5bf7ef13ebf6adf62a69ab3542d4fc0564c082eaffected
LinuxLinuxf2ca988aba4eaad1319e80eb1316a4ba5dbd6897affected
LinuxLinux5.10.58 < 5.10.259affected
LinuxLinux4.14.244 < 4.15affected
LinuxLinux4.19.203 < 4.20affected
LinuxLinux5.4.140 < 5.5affected
LinuxLinux5.13.10 < 5.14affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.10.259 <= 5.10.*unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.140 <= 6.6.*unaffected
LinuxLinux6.12.80 <= 6.12.*unaffected
LinuxLinux6.18.21 <= 6.18.*unaffected
LinuxLinux6.19.11 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References