CVE-2026-43460
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: rockchip-sfc: Fix double-free in remove() callback
The driver uses devm_spi_register_controller() for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to spi_unregister_controller() in the remove() callback can lead to a double-free.
And to make sure controller is unregistered before DMA buffer is unmapped, switch to use spi_register_controller() in probe().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 8011709906d0d6ff1ba9589de5a906bf6e430782 < b6051f2bdd4bd3dde85b68558edd3a6843489221 | affected |
| Linux | Linux | 8011709906d0d6ff1ba9589de5a906bf6e430782 < 85fb53351e6a3b921357a2178671e847a087e400 | affected |
| Linux | Linux | 8011709906d0d6ff1ba9589de5a906bf6e430782 < 111e2863372c322e836e0c896f6dd9cf4ee08c71 | affected |
| Linux | Linux | 6.14 | affected |
| Linux | Linux | 0 < 6.14 | unaffected |
| Linux | Linux | 6.18.19 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.9 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/b6051f2bdd4bd3dde85b68558edd3a6843489221
- https://git.kernel.org/stable/c/85fb53351e6a3b921357a2178671e847a087e400
- https://git.kernel.org/stable/c/111e2863372c322e836e0c896f6dd9cf4ee08c71
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.