CVE-2026-23068

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23068
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23068.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23068
Downstream
Related
Published
2026-02-04T16:07:49.119Z
Modified
2026-03-24T08:59:21.146766Z
Summary
spi: spi-sprd-adi: Fix double free in probe error path
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: spi-sprd-adi: Fix double free in probe error path

The driver currently uses spiallochost() to allocate the controller but registers it using devmspiregister_controller().

If devmregisterrestarthandler() fails, the code jumps to the putctlr label and calls spicontrollerput(). However, since the controller was registered via a devm function, the device core will automatically call spicontrollerput() again when the probe fails. This results in a double-free of the spi_controller structure.

Fix this by switching to devmspiallochost() and removing the manual spicontroller_put() call.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23068.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ac1775012058e13ef1522938e27f5973d9e3f053
Fixed
bddd3d10d039729b81cfb0804520c8832a701a0e
Fixed
417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c
Fixed
346775f2b4cf839177e8e86b94aa180a06dc15b0
Fixed
f6d6b3f172df118db582fe5ec43ae223a55d99cf
Fixed
383d4f5cffcc8df930d95b06518a9d25a6d74aac

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23068.json"