CVE-2026-23068

If devmregisterrestarthandler() fails, the code jumps to the putctlr label and calls spicontrollerput(). However, since the controller was registered via a devm function, the device core will automatically call spicontrollerput() again when the probe fails. This results in a double-free of the spi_controller structure.

Fix this by switching to devmspiallochost() and removing the manual spicontroller_put() call.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23068.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ac1775012058e13ef1522938e27f5973d9e3f053

Fixed

bddd3d10d039729b81cfb0804520c8832a701a0e

Fixed

417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c

Fixed

346775f2b4cf839177e8e86b94aa180a06dc15b0

Fixed

f6d6b3f172df118db582fe5ec43ae223a55d99cf

Fixed

383d4f5cffcc8df930d95b06518a9d25a6d74aac

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23068.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.17.0

Fixed

6.1.162

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.122

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.68

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23068.json"