Description
In the Linux kernel, the following vulnerability has been resolved:

spi: meson-spicc: Fix double-put in remove path

meson_spicc_probe() registers the controller with
devm_spi_register_controller(), so teardown already drops the
controller reference via devm cleanup.

Calling spi_controller_put() again in meson_spicc_remove()
causes a double-put.
Published: 2026-04-22
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential kernel crash or privilege escalation due to double‑release of a SPI controller reference
Action: Apply patch
AI Analysis

Impact

A double decrement of the reference count for the meson‑spicc SPI controller occurs when the driver’s remove path calls spi_controller_put() twice. This mismanagement can lead to the controller being released while still in use, potentially triggering a use‑after‑free, kernel crash, or allowing an attacker to execute arbitrary code with kernel privileges.

Affected Systems

The flaw resides in the Linux kernel’s meson‑spicc driver, affecting all kernel versions that include this driver before the patch. Version information is not specified in the advisory, but any release that contains the unfixed driver is vulnerable.

Risk and Exploitability

The CVSS score is 7.8, indicating a high severity. The EPSS score of 0.00023 (< 1%) indicates a very low but nonzero likelihood that the vulnerability will be actively exploited. The double reference count decrement is a classic use‑after‑free condition. While the vulnerability is not catalogued in CISA’s KEV, the potential impact is still high. An attacker would need to trigger the driver’s remove routine, which typically requires privileged or local access. In environments where an attacker can unload kernel modules or control device removal, the risk escalates to potential kernel compromise.

Generated by OpenCVE AI on April 29, 2026 at 02:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that contains the meson‑spicc double‑put fix. This patch removes the erroneous second reference count decrement and restores proper resource management.
  • If a kernel update is not immediately possible, disable the meson‑spicc driver or prevent the removal of its module so that the faulty remove path is never executed.
  • Create a udev rule that prevents removal of meson‑spicc devices for non‑privileged users, blocking the remove path from executing.

Advisories
Source | ID | Title
Debian DSA | DSA-6238-1 | linux security update
History

Sun, 17 May 2026 15:45:00 +0000


Wed, 29 Apr 2026 00:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Tue, 28 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415
CPEs cpe:2.3:o:linux:linux_kernel:5.14:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Mon, 27 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 23 Apr 2026 00:15:00 +0000


Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path meson_spicc_probe() registers the controller with devm_spi_register_controller(), so teardown already drops the controller reference via devm cleanup. Calling spi_controller_put() again in meson_spicc_remove() causes a double-put.
Title spi: meson-spicc: Fix double-put in remove path
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-17T15:21:30.216Z

Reserved: 2026-03-09T15:48:24.101Z

Link: CVE-2026-31489

Vulnrichment

No data.

NVD

Status: Modified

Published: 2026-04-22T14:16:46.603

Modified: 2026-05-17T16:16:15.687

Link: CVE-2026-31489

Red Hat

Severity:

Public Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31489 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T02:30:07Z