CVE-2026-23068

HIGH

Linux Kernel 4.17-6.1.161, 6.2-6.6.121, 6.7-6.12.67, 6.13-6.18.7 - Use-After-Free in SPI Controller Error Path

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spi_alloc_host() to allocate the controller but registers it using devm_spi_register_controller(). If devm_register_restart_handler() fails, the code jumps to the put_ctlr label and calls spi_controller_put(). However, since the controller was registered via a devm function, the device core will automatically call spi_controller_put() again when the probe fails. This results in a double-free of the spi_controller structure. Fix this by switching to devm_spi_alloc_host() and removing the manual spi_controller_put() call.

References (5)

Core 5

Core References

Patch

https://git.kernel.org/stable/c/bddd3d10d039729b81cfb0804520c8832a701a0e

Patch

https://git.kernel.org/stable/c/417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c

Patch

https://git.kernel.org/stable/c/346775f2b4cf839177e8e86b94aa180a06dc15b0

Patch

https://git.kernel.org/stable/c/f6d6b3f172df118db582fe5ec43ae223a55d99cf

Patch

https://git.kernel.org/stable/c/383d4f5cffcc8df930d95b06518a9d25a6d74aac

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 2.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-415

Status published

Products (18)

linux/Kernel 4.17.0 - 6.1.162linux

linux/Kernel 6.13.0 - 6.18.8linux

linux/Kernel 6.2.0 - 6.6.122linux

linux/Kernel 6.7.0 - 6.12.68linux

Linux/Linux < 4.17

Linux/Linux 4.17

Linux/Linux 6.1.162 - 6.1.*

Linux/Linux 6.12.68 - 6.12.*

Linux/Linux 6.18.8 - 6.18.*

Linux/Linux 6.19

... and 8 more

Published Feb 04, 2026

Tracked Since Feb 18, 2026