CVE-2026-46228
spi: ch341 driver devres lifetime fix
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability relates to the Linux kernel's SPI driver for the ch341 device. The issue was that USB drivers were binding device-managed resources to the parent USB device instead of the USB interface. This caused problems such as memory leaks when drivers were unbound without the physical disconnection of devices, for example during probe deferral or configuration changes.
The fix involved correcting the lifetime management of the SPI controller and driver data so that these resources are properly released when the driver is unbound. Additionally, the SPI controller is now correctly placed under the USB interface in the device tree.
How can this vulnerability impact me? :
This vulnerability can lead to memory leaks in the Linux kernel when USB drivers are unbound without the device being physically disconnected. Over time, such leaks can degrade system performance or stability, potentially causing resource exhaustion or unexpected behavior in systems using the affected SPI driver.