CVE-2026-46074
Status: Awaiting Analysis
spi: ch341 USB-to-Serial Driver Memory Leak Fix

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

spi: ch341: fix memory leaks on probe failures

Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free.

Also add an explicit URB kill on disconnect for symmetry (even if that is not strictly required as USB core would have stopped it in the current setup).

Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
ch341 | linux_kernel | *
linux_kernel | linux_kernel | *

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability exists in the Linux kernel's spi: ch341 driver, where memory leaks occur during probe failures. Specifically, when the driver fails to initialize properly, it does not correctly deregister the controller, disable pins, or kill and free the RX URB (USB Request Block). This improper handling can lead to memory leaks and use-after-free issues. The fix involves ensuring these resources are properly cleaned up on probe failures and adding an explicit URB kill on disconnect for symmetry.

Impact Analysis

The impact of this vulnerability includes potential memory leaks and use-after-free conditions in the Linux kernel when using the spi: ch341 driver. Memory leaks can degrade system performance over time by consuming resources unnecessarily, while use-after-free issues can lead to system instability or crashes. In some cases, such vulnerabilities might be exploitable to cause denial of service or other unintended behavior.

Mitigation Strategies

The vulnerability involves memory leaks and use-after-free issues in the ch341 SPI driver in the Linux kernel during probe failures.

To mitigate this vulnerability, ensure your Linux kernel is updated to a version where this issue is fixed. The fix involves proper deregistration of the controller, disabling pins, and killing and freeing the RX URB on probe failures, as well as explicitly killing the URB on disconnect.
