CVE-2026-23431 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() In aml_spisg_probe(), ctlr is allocated by spi_alloc_target()/spi_alloc_host(), but fails to call spi_controller_put() in several error paths. This leads to a memory leak whenever the driver fails to probe after the initial allocation. Convert to use devm_spi_alloc_host()/devm_spi_alloc_target() to fix the memory leak.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/8e28a01b69f7ea8df7ceb15470cfe643b2828f4f
https://git.kernel.org/stable/c/b8db9552997924b750e727a625a30eaa4603bbb9
https://git.kernel.org/stable/c/bec21d97c968a4806939eb2946df49ea6c341bde

History

Fri, 03 Apr 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() In aml_spisg_probe(), ctlr is allocated by spi_alloc_target()/spi_alloc_host(), but fails to call spi_controller_put() in several error paths. This leads to a memory leak whenever the driver fails to probe after the initial allocation. Convert to use devm_spi_alloc_host()/devm_spi_alloc_target() to fix the memory leak.
Title		spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/8e28a01b69f7ea8df7ceb15470cfe643b2828f4f https://git.kernel.org/stable/c/b8db9552997924b750e727a625a30eaa4603bbb9 https://git.kernel.org/stable/c/bec21d97c968a4806939eb2946df49ea6c341bde

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-03T15:15:17.355Z

Updated: 2026-04-03T15:15:17.355Z

Reserved: 2026-01-13T15:37:46.016Z

Link: CVE-2026-23431

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-03T16:16:24.493

Modified: 2026-04-03T16:16:24.493

Link: CVE-2026-23431

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23431", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.016Z", "datePublished": "2026-04-03T15:15:17.355Z", "dateUpdated": "2026-04-03T15:15:17.355Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-03T15:15:17.355Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: amlogic-spisg: Fix memory leak in aml_spisg_probe()\n\nIn aml_spisg_probe(), ctlr is allocated by\nspi_alloc_target()/spi_alloc_host(), but fails to call\nspi_controller_put() in several error paths. This leads\nto a memory leak whenever the driver fails to probe after\nthe initial allocation.\n\nConvert to use devm_spi_alloc_host()/devm_spi_alloc_target()\nto fix the memory leak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-amlogic-spisg.c"], "versions": [{"version": "cef9991e04aed3305c61c392e880f6e01a0c2ea4", "lessThan": "bec21d97c968a4806939eb2946df49ea6c341bde", "status": "affected", "versionType": "git"}, {"version": "cef9991e04aed3305c61c392e880f6e01a0c2ea4", "lessThan": "8e28a01b69f7ea8df7ceb15470cfe643b2828f4f", "status": "affected", "versionType": "git"}, {"version": "cef9991e04aed3305c61c392e880f6e01a0c2ea4", "lessThan": "b8db9552997924b750e727a625a30eaa4603bbb9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-amlogic-spisg.c"], "versions": [{"version": "6.17", "status": "affected"}, {"version": "0", "lessThan": "6.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "7.0-rc5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/bec21d97c968a4806939eb2946df49ea6c341bde"}, {"url": "https://git.kernel.org/stable/c/8e28a01b69f7ea8df7ceb15470cfe643b2828f4f"}, {"url": "https://git.kernel.org/stable/c/b8db9552997924b750e727a625a30eaa4603bbb9"}], "title": "spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()", "x_generator": {"engine": "bippy-1.2.0"}}}}