Description
In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spi_alloc_host() to allocate the controller but registers it using devm_spi_register_controller(). If devm_register_restart_handler() fails, the code jumps to the put_ctlr label and calls spi_controller_put(). However, since the controller was registered via a devm function, the device core will automatically call spi_controller_put() again when the probe fails. This results in a double-free of the spi_controller structure. Fix this by switching to devm_spi_alloc_host() and removing the manual spi_controller_put() call.
References (5)
Scores
CVSS v3
7.8
EPSS
0.0002
EPSS Percentile
4.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-415
Status
published
Products (6)
linux/Kernel
4.17.0 - 6.1.162linux
linux/Kernel
6.13.0 - 6.18.8linux
linux/Kernel
6.2.0 - 6.6.122linux
linux/Kernel
6.7.0 - 6.12.68linux
linux/linux_kernel
6.19 rc1 (6 CPE variants)
linux/linux_kernel
4.17 - 6.1.162
Published
Feb 04, 2026
Tracked Since
Feb 18, 2026