CVE-2026-43461 - Vulnerability Details

- spi: amlogic: spifc-a4: Fix DMA mapping error handling

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: amlogic: spifc-a4: Fix DMA mapping error handling

Fix three bugs in aml_sfc_dma_buffer_setup() error paths:
1. Unnecessary goto: When the first DMA mapping (sfc->daddr) fails,
nothing needs cleanup. Use direct return instead of goto.
2. Double-unmap bug: When info DMA mapping failed, the code would
unmap sfc->daddr inline, then fall through to out_map_data which
would unmap it again, causing a double-unmap.
3. Wrong unmap size: The out_map_info label used datalen instead of
infolen when unmapping sfc->iaddr, which could lead to incorrect
DMA sync behavior.

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw lies in the Amlogic spifc‑a4 SPI flash controller driver in the Linux kernel. Three separate bugs were identified in the DMA buffer setup routine: an unnecessary jump that pretends to perform cleanup when the first DMA mapping fails, a double‑unmap that can corrupt kernel memory, and an incorrect unmap size that can cause improper synchronization. It is inferred that if the DMA mapping fails, the double‑unmap and incorrect unmap size can lead to a kernel panic or memory corruption, thereby causing a denial‑of‑service scenario when an attacker induces such a failure.

Affected Systems

All Linux kernel releases that contain the unpatched spifc‑a4 driver are affected; this includes embedded devices, single‑board computers, and other systems powered by Amlogic SoCs that use the driver. The precise kernel versions are those before the patch commits referenced in the advisory. Devices runing those kernel builds are at risk until the update is applied.

Risk and Exploitability

No CVSS score is disclosed and the EPSS score is less than 1%, indicating a very low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. The risk is local and manifests when a DMA mapping error occurs; an attacker would need to trigger that failure, which may require local or privileged access to the device. The potential impact is severe kernel memory corruption or a crash, resulting in a denial of service for the affected host.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9`	affected	< 0a83d6c9e149a176340190fa9cbadf2266db4c9a
`4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9`	affected	< c0b88f1176074f80140ed77fce909f254b7180ab
`4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9`	affected	< b20b437666e1cb26a7c499d1664e8f2a0ac67000

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.18.19`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9,0a83d6c9e149a176340190fa9cbadf2266db4c9a)`	affected	code_commit	—
`[4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9,c0b88f1176074f80140ed77fce909f254b7180ab)`	affected	code_commit	—
`[4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9,b20b437666e1cb26a7c499d1664e8f2a0ac67000)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	semver	—
`[0,6.18)`	unaffected	semver	—
`[6.18.19,6.19.0)`	unaffected	semver	—
`[6.19.9,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a build that includes the spifc‑a4 DMA mapping fix referenced in the commit logs.
Reboot or reload the driver after applying the patch so the corrected logic takes effect.
If the Amlogic SPI controller is not required, unload or disable the spifc‑a4 driver to avoid the issue until a permanent patch is available.

Generated by OpenCVE AI on May 9, 2026 at 16:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0a83d6c9e149a176340190fa9cbadf2266db4c9a
https://git.kernel.org/stable/c/b20b437666e1cb26a7c499d1664e8f2a0ac67000
https://git.kernel.org/stable/c/c0b88f1176074f80140ed77fce909f254b7180ab
https://lore.kernel.org/linux-cve-announce/2026050801-CVE-2026-43461-908f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43461
https://www.cve.org/CVERecord?id=CVE-2026-43461

History

Sat, 09 May 2026 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-122 CWE-415

Sat, 09 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-763
References		https://lore.kernel.org/linux-cve-announce/2026050801-CVE-2026-43461-908f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43461 https://www.cve.org/CVERecord?id=CVE-2026-43461

Fri, 08 May 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-122 CWE-415

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in aml_sfc_dma_buffer_setup() error paths: 1. Unnecessary goto: When the first DMA mapping (sfc->daddr) fails, nothing needs cleanup. Use direct return instead of goto. 2. Double-unmap bug: When info DMA mapping failed, the code would unmap sfc->daddr inline, then fall through to out_map_data which would unmap it again, causing a double-unmap. 3. Wrong unmap size: The out_map_info label used datalen instead of infolen when unmapping sfc->iaddr, which could lead to incorrect DMA sync behavior.
Title		spi: amlogic: spifc-a4: Fix DMA mapping error handling
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0a83d6c9e149a176340190fa9cbadf2266db4c9a https://git.kernel.org/stable/c/b20b437666e1cb26a7c499d1664e8f2a0ac67000 https://git.kernel.org/stable/c/c0b88f1176074f80140ed77fce909f254b7180ab

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:22:23.999Z

Updated: 2026-05-08T14:22:23.999Z

Reserved: 2026-05-01T14:12:56.010Z

Link: CVE-2026-43461

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:58.977

Modified: 2026-05-08T15:16:58.977

Link: CVE-2026-43461

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43461 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T16:30:37Z

Weaknesses

CWE-763

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object