CVE-2026-43460 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove() callback The driver uses devm_spi_register_controller() for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to spi_unregister_controller() in the remove() callback can lead to a double-free. And to make sure controller is unregistered before DMA buffer is unmapped, switch to use spi_register_controller() in probe().

PUBLISHED Reserved 2026-05-01 | Published 2026-05-08 | Updated 2026-05-08 | Assigner Linux

Product status

Default status

unaffected

8011709906d0d6ff1ba9589de5a906bf6e430782 (git) before b6051f2bdd4bd3dde85b68558edd3a6843489221

affected

8011709906d0d6ff1ba9589de5a906bf6e430782 (git) before 85fb53351e6a3b921357a2178671e847a087e400

affected

8011709906d0d6ff1ba9589de5a906bf6e430782 (git) before 111e2863372c322e836e0c896f6dd9cf4ee08c71

affected

Default status

affected

6.14

affected

Any version before 6.14

unaffected

6.18.19 (semver)

unaffected

6.19.9 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/b6051f2bdd4bd3dde85b68558edd3a6843489221

git.kernel.org/...c/85fb53351e6a3b921357a2178671e847a087e400

git.kernel.org/...c/111e2863372c322e836e0c896f6dd9cf4ee08c71

cve.org (CVE-2026-43460)

nvd.nist.gov (CVE-2026-43460)

Download JSON

help @ threatint.eu