Description
In the Linux kernel, the following vulnerability has been resolved:

spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()

In aml_spisg_probe(), ctlr is allocated by
spi_alloc_target()/spi_alloc_host(), but fails to call
spi_controller_put() in several error paths. This leads
to a memory leak whenever the driver fails to probe after
the initial allocation.

Convert to use devm_spi_alloc_host()/devm_spi_alloc_target()
to fix the memory leak.
Published: 2026-04-03
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via resource exhaustion
Action: Immediate Patch
AI Analysis

Impact

The amlogic-spisg driver in the Linux kernel contains a memory leak in its probe routine because a controller allocation is not released when probe errors occur. Each time the driver fails to initialize, the allocated memory remains in kernel space, leading to a gradual depletion of available memory. Although the defect does not provide a direct path to remote code execution or privilege escalation, repeated probe failures can destabilize the system or cause a denial of service through exhaustion of kernel memory resources.
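
The leak pattern and the managed-allocation fix described above, reduced to a userspace C model. This is an added example, not the driver's code: `ctlr_alloc`, `managed_ctlr_alloc`, `run_probe` and the two failing setup steps are hypothetical stand-ins for the kernel's SPI allocation, devres list and driver-core behaviour, and only failed probes are modelled.

```c
/* Userspace model of the leak class; every name here is hypothetical, not a kernel API. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

static int live_ctlrs;                 /* controllers allocated and not yet released */
struct model_dev { void *managed[4]; int n_managed; };  /* device + its managed list */

static void *ctlr_alloc(void) { void *c = malloc(64); if (c) live_ctlrs++; return c; }
static void ctlr_put(void *c) { live_ctlrs--; free(c); }

/* Managed variant: the allocation is recorded on the device for automatic release. */
static void *managed_ctlr_alloc(struct model_dev *dev)
{
    void *c = dev->n_managed < 4 ? ctlr_alloc() : NULL;
    if (c) dev->managed[dev->n_managed++] = c;
    return c;
}

/* "Before" shape: early returns after the allocation never release the controller. */
static int probe_leaky(struct model_dev *dev, int fail_step)
{
    void *ctlr = ctlr_alloc();
    (void)dev;
    if (!ctlr) return -ENOMEM;
    if (fail_step == 1) return -ENODEV;   /* assumed setup step fails: ctlr leaked */
    if (fail_step == 2) return -EINVAL;   /* assumed setup step fails: ctlr leaked */
    return 0;
}

/* "After" shape: identical early returns, but the device owns the allocation. */
static int probe_managed(struct model_dev *dev, int fail_step)
{
    void *ctlr = managed_ctlr_alloc(dev);
    if (!ctlr) return -ENOMEM;
    if (fail_step == 1) return -ENODEV;
    if (fail_step == 2) return -EINVAL;
    return 0;
}

/* Model of the driver core: a failed probe releases everything on the managed list. */
static int run_probe(int (*probe)(struct model_dev *, int), int fail_step)
{
    struct model_dev dev = {0};
    int ret = probe(&dev, fail_step);
    while (ret && dev.n_managed > 0) ctlr_put(dev.managed[--dev.n_managed]);
    return ret;
}

/* Controllers still allocated after `attempts` failed probes. */
static int leaked_after(int (*probe)(struct model_dev *, int), int attempts, int fail_step)
{
    int before = live_ctlrs;
    for (int i = 0; i < attempts; i++) run_probe(probe, fail_step);
    return live_ctlrs - before;
}
```

Calling `leaked_after(probe_leaky, n, 1)` grows by one controller per failed probe, while the managed variant stays at zero for the same failures.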

Affected Systems

All Linux kernel releases that include the amlogic-spisg driver before the patch that converted aml_spisg_probe() to devm-managed allocations are affected. The advisory does not list exact version numbers; administrators should check whether their kernel contains the upstream commit that introduces the devm_spi_alloc_* calls. The vulnerability is therefore present in any kernel build that has not incorporated this change.

Risk and Exploitability

The CVSS score is not supplied and EPSS data is unavailable, indicating limited publicly known exploitation. The bug is not listed in the CISA KEV catalog. Exploitation requires the ability to trigger repeated probe failures, which generally implies local control or the capability to influence device initialization. Consequently the risk profile is moderate, primarily representing a local denial-of-service scenario rather than a remote attack vector.

Generated by OpenCVE AI on April 3, 2026 at 18:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the recent commits to amlogic-spisg.
  • If a patch is not yet available, blacklist or disable the amlogic-spisg driver until the update can be applied.
  • Monitor kernel logs for spisg probe failures and track memory usage to detect early signs of resource exhaustion.


Advisories

No advisories yet.

History

Sat, 04 Apr 2026 01:15:00 +0000


Fri, 03 Apr 2026 21:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-401 |

Fri, 03 Apr 2026 16:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() In aml_spisg_probe(), ctlr is allocated by spi_alloc_target()/spi_alloc_host(), but fails to call spi_controller_put() in several error paths. This leads to a memory leak whenever the driver fails to probe after the initial allocation. Convert to use devm_spi_alloc_host()/devm_spi_alloc_target() to fix the memory leak. |
| Title | | spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel |
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-03T15:15:17.355Z

Reserved: 2026-01-13T15:37:46.016Z

Link: CVE-2026-23431

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-03T16:16:24.493

Modified: 2026-04-03T16:16:24.493

Link: CVE-2026-23431

Redhat

Severity:

Public Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23431 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-03T21:16:20Z

Weaknesses