CVE-2026-31783 - Vulnerability Details

- spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback

aml_sfc_probe() registers the on-host NAND ECC engine, but teardown was
missing from both probe unwind and remove-time cleanup. Add a devm cleanup
action after successful registration so
nand_ecc_unregister_on_host_hw_engine() runs automatically on probe
failures and during device removal.

Published: 2026-05-01

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

During driver initialization the Amlogic spifc-a4 SPI NAND flash controller registers an on-host ECC engine; however, if the probe fails or the device is later removed, the engine is never unregistered. This missing cleanup results in a kernel resource that remains allocated, which can degrade kernel stability or exhaust memory if repeatedly triggered. The weakness is a failure to release a resource.

Affected Systems

The Linux kernel contains the spifc-a4 driver that implements this functionality. Any distribution running a kernel that includes the driver before the patch that adds a devm cleanup action is affected. The issue is present in all kernel versions that contain the unpatched driver code.

Risk and Exploitability

The CVSS score is 5.5, and the EPSS score is <1%. The issue is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploiting the resource leak requires local kernel access or the ability to repeatedly trigger probe failures or device removal, which makes remote exploitation unlikely. Nevertheless, repeated failures could lead to a denial of service if an attacker can repeatedly cause probe crashes.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9`	affected	< ee4c064e37d4d0ddc5a7580933dbe79a2c6acafc
`4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9`	affected	< 5e11741aec3b242a197250b473c37b58f53a16b6
`4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9`	affected	< b0dc7e7c56573e7a52080f25f3179a45f3dd7e6f

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.18.22`	unaffected	≤ 6.18.*
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.18:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9,ee4c064e37d4d0ddc5a7580933dbe79a2c6acafc)`	affected	code_commit	—
`[4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9,5e11741aec3b242a197250b473c37b58f53a16b6)`	affected	code_commit	—
`[4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9,b0dc7e7c56573e7a52080f25f3179a45f3dd7e6f)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	generic	—
`[0,6.18)`	unaffected	generic	—
`[6.18.22,6.19.0)`	unaffected	semver	—
`[6.19.12,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a Linux kernel update that includes the patch for the Amlogic spifc-a4 driver (commit 5e11741…).
If an update cannot be applied immediately, consider disabling the spifc-a4 driver to prevent the resource leak.
Monitor system logs for repeated NAND device probe failures and verify that the ECC engine is unregistered after device removal.

Generated by OpenCVE AI on May 12, 2026 at 01:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/5e11741aec3b242a197250b473c37b58f53a16b6
https://git.kernel.org/stable/c/b0dc7e7c56573e7a52080f25f3179a45f3dd7e6f
https://git.kernel.org/stable/c/ee4c064e37d4d0ddc5a7580933dbe79a2c6acafc
https://lore.kernel.org/linux-cve-announce/2026050152-CVE-2026-31783-782b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31783
https://www.cve.org/CVERecord?id=CVE-2026-31783

History

Tue, 12 May 2026 00:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-772

Mon, 11 May 2026 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:6.18:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 02 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-459
References		https://lore.kernel.org/linux-cve-announce/2026050152-CVE-2026-31783-782b@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31783 https://www.cve.org/CVERecord?id=CVE-2026-31783

Sat, 02 May 2026 12:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772

Fri, 01 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback aml_sfc_probe() registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanup action after successful registration so nand_ecc_unregister_on_host_hw_engine() runs automatically on probe failures and during device removal.
Title		spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/5e11741aec3b242a197250b473c37b58f53a16b6 https://git.kernel.org/stable/c/b0dc7e7c56573e7a52080f25f3179a45f3dd7e6f https://git.kernel.org/stable/c/ee4c064e37d4d0ddc5a7580933dbe79a2c6acafc

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-01T14:15:09.279Z

Updated: 2026-05-11T22:15:43.675Z

Reserved: 2026-03-09T15:48:24.141Z

Link: CVE-2026-31783

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-01T15:16:41.813

Modified: 2026-05-11T20:47:03.257

Link: CVE-2026-31783

Redhat

Severity :

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31783 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-12T01:30:04Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object