CVE-2026-31489
Double-Release Vulnerability in Linux meson-spicc SPI Controller
Publication date: 2026-04-22
Last updated on: 2026-04-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 5.14 |
| linux | linux_kernel | From 4.14.244 (inc) to 4.15 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.21 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.11 (exc) |
| linux | linux_kernel | From 4.19.203 (inc) to 4.20 (exc) |
| linux | linux_kernel | From 5.10.58 (inc) to 5.11 (exc) |
| linux | linux_kernel | From 5.13.10 (inc) to 5.14 (exc) |
| linux | linux_kernel | From 5.14.1 (inc) to 6.12.80 (exc) |
| linux | linux_kernel | From 5.4.140 (inc) to 5.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is related to the Linux kernel's SPI (Serial Peripheral Interface) controller driver for Meson platforms. Specifically, the issue involves a double-put operation in the remove path of the meson-spicc driver.
The function meson_spicc_probe() registers the SPI controller using devm_spi_register_controller(), which manages the controller's lifecycle and automatically drops the controller reference during device management cleanup.
However, in the meson_spicc_remove() function, spi_controller_put() is called again explicitly, causing a double-put (i.e., releasing the controller reference twice), which is incorrect and can lead to undefined behavior.
How can this vulnerability impact me? :
A double-put in the SPI controller removal path can cause undefined behavior in the Linux kernel, such as use-after-free errors or memory corruption.
This may lead to system instability, crashes, or potential security issues if exploited, especially in systems relying on the affected SPI controller driver.