CVE-2026-43461

Summary

In the Linux kernel, the following vulnerability has been resolved:

spi: amlogic: spifc-a4: Fix DMA mapping error handling

Fix three bugs in aml_sfc_dma_buffer_setup() error paths:

  1. Unnecessary goto: When the first DMA mapping (sfc->daddr) fails, nothing needs cleanup. Use direct return instead of goto.
  2. Double-unmap bug: When info DMA mapping failed, the code would unmap sfc->daddr inline, then fall through to out_map_data which would unmap it again, causing a double-unmap.
  3. Wrong unmap size: The out_map_info label used datalen instead of infolen when unmapping sfc->iaddr, which could lead to incorrect DMA sync behavior.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9 < 0a83d6c9e149a176340190fa9cbadf2266db4c9aaffected
LinuxLinux4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9 < c0b88f1176074f80140ed77fce909f254b7180abaffected
LinuxLinux4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9 < b20b437666e1cb26a7c499d1664e8f2a0ac67000affected
LinuxLinux6.18affected
LinuxLinux0 < 6.18unaffected
LinuxLinux6.18.19 <= 6.18.*unaffected
LinuxLinux6.19.9 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References