CVE-2026-23068
- Source
- https://cve.org/CVERecord?id=CVE-2026-23068
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23068.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-23068
- Downstream
- Related
- Published
- 2026-02-04T16:07:49.119Z
- Modified
- 2026-05-15T11:54:33.793468519Z
- Summary
- spi: spi-sprd-adi: Fix double free in probe error path
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-sprd-adi: Fix double free in probe error path
The driver currently uses spiallochost() to allocate the controller but registers it using devmspiregister_controller().
If devmregisterrestarthandler() fails, the code jumps to the putctlr label and calls spicontrollerput(). However, since the controller was registered via a devm function, the device core will automatically call spicontrollerput() again when the probe fails. This results in a double-free of the spi_controller structure.
Fix this by switching to devmspiallochost() and removing the manual spicontroller_put() call.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23068.json" }- References
-
- https://git.kernel.org/stable/c/346775f2b4cf839177e8e86b94aa180a06dc15b0
- https://git.kernel.org/stable/c/383d4f5cffcc8df930d95b06518a9d25a6d74aac
- https://git.kernel.org/stable/c/417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c
- https://git.kernel.org/stable/c/bddd3d10d039729b81cfb0804520c8832a701a0e
- https://git.kernel.org/stable/c/f6d6b3f172df118db582fe5ec43ae223a55d99cf
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23068.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23068
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git