CVE-2026-46074

Source
https://cve.org/CVERecord?id=CVE-2026-46074
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46074.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46074
Downstream
Related
Published
2026-05-27T12:58:04.703Z
Modified
2026-06-26T11:57:06.035694780Z
Summary
spi: ch341: fix memory leaks on probe failures
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: ch341: fix memory leaks on probe failures

Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free.

Also add an explicit URB kill on disconnect for symmetry (even if that is not strictly required as USB core would have stopped it in the current setup).

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46074.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8846739f52afa07e63395c80227dc544f54bd7b1
Fixed
5c6518633702d7f7b1153e9d8e042af847f11ef3
Fixed
ff8a7996dc8bf433efe2126ffdaee5b374a89e30
Fixed
9bee2faf9e21c796d0d222c9d84a98f41bd303a0
Fixed
b99e3ddb91b499d920e63a2daff8880be68cfe9e

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46074.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.12.86
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46074.json"