CVE-2026-43461

HIGH

spi: amlogic: spifc-a4: Fix DMA mapping error handling

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in aml_sfc_dma_buffer_setup() error paths: 1. Unnecessary goto: When the first DMA mapping (sfc->daddr) fails, nothing needs cleanup. Use direct return instead of goto. 2. Double-unmap bug: When info DMA mapping failed, the code would unmap sfc->daddr inline, then fall through to out_map_data which would unmap it again, causing a double-unmap. 3. Wrong unmap size: The out_map_info label used datalen instead of infolen when unmapping sfc->iaddr, which could lead to incorrect DMA sync behavior.

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/0a83d6c9e149a176340190fa9cbadf2266db4c9a

https://git.kernel.org/stable/c/c0b88f1176074f80140ed77fce909f254b7180ab

https://git.kernel.org/stable/c/b20b437666e1cb26a7c499d1664e8f2a0ac67000

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (10)

Linux/Linux < 6.18

Linux/Linux 4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9 - 0a83d6c9e149a176340190fa9cbadf2266db4c9a

Linux/Linux 4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9 - b20b437666e1cb26a7c499d1664e8f2a0ac67000

Linux/Linux 4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9 - c0b88f1176074f80140ed77fce909f254b7180ab

Linux/Linux 6.18

Linux/Linux 6.18.19 - 6.18.*

Linux/Linux 6.19.9 - 6.19.*

Linux/Linux 7.0

linux/linux_kernel 7.0 rc1 (3 CPE variants)

linux/linux_kernel 6.18 - 6.18.19

Published May 08, 2026

Tracked Since May 08, 2026