Description
In the Linux kernel, the following vulnerability has been resolved:

spi: ch341: fix memory leaks on probe failures

Make sure to deregister the controller, disable pins, and kill and free
the RX URB on probe failures to mirror disconnect and avoid memory
leaks and use-after-free.

Also add an explicit URB kill on disconnect for symmetry (even if that
is not strictly required as USB core would have stopped it in the
current setup).
Published: 2026-05-27
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel driver for the CH341 USB‑to‑SPI interface, the probe routine does not properly clean up when a failure occurs; the controller remains registered, pins stay enabled, and the receive URB is not freed. This omission creates a use‑after‑free and memory‑leak condition that could corrupt kernel memory and potentially allow privileged code execution.

Affected Systems

This flaw is present in every Linux kernel that ships the CH341 SPI driver without the referenced fix commits. Because the commit URLs are part of the record, users can check whether their kernel includes the fix. No explicit version range is given, so any system that has not incorporated those commits is considered affected.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, but the absence of a vendor-provided mitigation keeps the risk significant. The attack vector is inferred from the description: an attacker would need to supply a CH341 USB device that triggers the probe failure path, so local or device-injection access is likely required. If triggered, the resulting use-after-free could allow a local attacker to gain kernel-level code execution.

Generated by OpenCVE AI on May 28, 2026 at 04:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the system kernel to a version that includes the CH341 driver fix referenced in the provided commit URLs.
  • Blacklist the ch341 module via a modprobe.d configuration to prevent the driver from loading until the patch is applied.
  • Create a udev rule that rejects the CH341 device by vendor/product IDs to stop probe attempts until a fix is available.

Generated by OpenCVE AI on May 28, 2026 at 04:24 UTC.

Advisories

No advisories yet.

History

Thu, 28 May 2026 03:45:00 +0000

Type         Values Removed   Values Added
Weaknesses                    CWE-401, CWE-416

Thu, 28 May 2026 00:15:00 +0000

(no field changes recorded)

Wed, 27 May 2026 22:45:00 +0000

Type         Values Removed   Values Added
Weaknesses                    CWE-401, CWE-416

Wed, 27 May 2026 14:15:00 +0000

Type                 Values Removed   Values Added
Description                           In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an explicit URB kill on disconnect for symmetry (even if that is not strictly required as USB core would have stopped it in the current setup).
Title                                 spi: ch341: fix memory leaks on probe failures
First Time appeared                   Linux; Linux linux Kernel
CPEs                                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products                    Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:52:24.650Z

Reserved: 2026-05-13T15:03:33.096Z

Link: CVE-2026-46074

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:28.717

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46074

Redhat

Severity:

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46074 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T04:30:06Z

Weaknesses
  • CWE-772: Missing Release of Resource after Effective Lifetime