CVE-2026-23431 - Vulnerability Details

- spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()

In aml_spisg_probe(), ctlr is allocated by
spi_alloc_target()/spi_alloc_host(), but fails to call
spi_controller_put() in several error paths. This leads
to a memory leak whenever the driver fails to probe after
the initial allocation.

Convert to use devm_spi_alloc_host()/devm_spi_alloc_target()
to fix the memory leak.

Published: 2026-04-03

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw exists in the SPI driver for Amlogic devices on Linux. The aml_spisg_probe() routine allocates controller resources but, on several error paths, does not release them, leading to a memory leak. As the kernel continues to fail at probing, more memory is consumed until the system runs out of memory, causing a denial of service. The weakness is a heap memory management flaw (CWE-772).

Affected Systems

Linux kernel, all builds that include the amlogic-spisg driver. The driver is part of the mainline kernel; therefore any distribution shipping a kernel that contains this code is affected until the fix is incorporated. Specific version information is not enumerated, so all affected releases prior to the patch should be considered vulnerable.

Risk and Exploitability

The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low probability of active exploitation. Nevertheless, the impact is non‑trivial because a local or potential remote attacker who can cause the driver to fail during probe could force a memory‑exhaustion attack, resulting in a system reboot or crash. The fix replaces static allocation with device‑managed allocation, making the resources automatically released on error. The recommended action is to apply the patched kernel as soon as it is available.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`cef9991e04aed3305c61c392e880f6e01a0c2ea4`	affected	< bec21d97c968a4806939eb2946df49ea6c341bde
`cef9991e04aed3305c61c392e880f6e01a0c2ea4`	affected	< 8e28a01b69f7ea8df7ceb15470cfe643b2828f4f
`cef9991e04aed3305c61c392e880f6e01a0c2ea4`	affected	< b8db9552997924b750e727a625a30eaa4603bbb9

Linux

affected

Version	Status	Constraints
`6.17`	affected	—
`0`	unaffected	< 6.17
`6.18.20`	unaffected	≤ 6.18.*
`6.19.10`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.17:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[cef9991e04aed3305c61c392e880f6e01a0c2ea4,bec21d97c968a4806939eb2946df49ea6c341bde)`	affected	code_commit	—
`[cef9991e04aed3305c61c392e880f6e01a0c2ea4,8e28a01b69f7ea8df7ceb15470cfe643b2828f4f)`	affected	code_commit	—
`[cef9991e04aed3305c61c392e880f6e01a0c2ea4,b8db9552997924b750e727a625a30eaa4603bbb9)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.17`	affected	generic	—
`[0,6.17)`	unaffected	generic	—
`[6.18.20,6.19.0)`	unaffected	generic	—
`[6.19.10,6.20.0)`	unaffected	generic	—
`[7.0-rc5,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that includes the amlogic-spisg memory‑leak fix.
For distributors, back‑port the patch to the current kernel series and rebuild the kernel.
Verify kernel logs for SPISG probe failures and confirm that the memory leak no longer occurs.
If an immediate kernel update is unavailable, consider disabling the amlogic‑spisg module to prevent the fault during device enumeration.

Generated by OpenCVE AI on April 7, 2026 at 09:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/8e28a01b69f7ea8df7ceb15470cfe643b2828f4f
https://git.kernel.org/stable/c/b8db9552997924b750e727a625a30eaa4603bbb9
https://git.kernel.org/stable/c/bec21d97c968a4806939eb2946df49ea6c341bde
https://lore.kernel.org/linux-cve-announce/2026040311-CVE-2026-23431-3aee@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23431
https://www.cve.org/CVERecord?id=CVE-2026-23431

History

Thu, 23 Apr 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel:6.17:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Tue, 07 Apr 2026 08:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-401

Sat, 04 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026040311-CVE-2026-23431-3aee@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23431 https://www.cve.org/CVERecord?id=CVE-2026-23431

Fri, 03 Apr 2026 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Fri, 03 Apr 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() In aml_spisg_probe(), ctlr is allocated by spi_alloc_target()/spi_alloc_host(), but fails to call spi_controller_put() in several error paths. This leads to a memory leak whenever the driver fails to probe after the initial allocation. Convert to use devm_spi_alloc_host()/devm_spi_alloc_target() to fix the memory leak.
Title		spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/8e28a01b69f7ea8df7ceb15470cfe643b2828f4f https://git.kernel.org/stable/c/b8db9552997924b750e727a625a30eaa4603bbb9 https://git.kernel.org/stable/c/bec21d97c968a4806939eb2946df49ea6c341bde

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-03T15:15:17.355Z

Updated: 2026-04-13T06:07:19.272Z

Reserved: 2026-01-13T15:37:46.016Z

Link: CVE-2026-23431

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-03T16:16:24.493

Modified: 2026-04-23T21:00:59.380

Link: CVE-2026-23431

Redhat

Severity :

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23431 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-08T19:54:07Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object