CVE-2026-31489
Received Received - Intake
Double-Release Vulnerability in Linux meson-spicc SPI Controller

Publication date: 2026-04-22

Last updated on: 2026-06-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path meson_spicc_probe() registers the controller with devm_spi_register_controller(), so teardown already drops the controller reference via devm cleanup. Calling spi_controller_put() again in meson_spicc_remove() causes a double-put.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-06-01
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31489
EUVD
EUVD-2026-24857
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.14
linux linux_kernel From 4.14.244 (inc) to 4.15 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.21 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.11 (exc)
linux linux_kernel From 4.19.203 (inc) to 4.20 (exc)
linux linux_kernel From 5.10.58 (inc) to 5.11 (exc)
linux linux_kernel From 5.13.10 (inc) to 5.14 (exc)
linux linux_kernel From 5.14.1 (inc) to 6.12.80 (exc)
linux linux_kernel From 5.4.140 (inc) to 5.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-415 The product calls free() twice on the same memory address.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is related to the Linux kernel's SPI (Serial Peripheral Interface) controller driver for Meson platforms. Specifically, the issue involves a double-put operation in the remove path of the meson-spicc driver.

The function meson_spicc_probe() registers the SPI controller using devm_spi_register_controller(), which manages the controller's lifecycle and automatically drops the controller reference during device management cleanup.

However, in the meson_spicc_remove() function, spi_controller_put() is called again explicitly, causing a double-put (i.e., releasing the controller reference twice), which is incorrect and can lead to undefined behavior.

Impact Analysis

A double-put in the SPI controller removal path can cause undefined behavior in the Linux kernel, such as use-after-free errors or memory corruption.

This may lead to system instability, crashes, or potential security issues if exploited, especially in systems relying on the affected SPI controller driver.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31489. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart