Linux Kernel: Double spi_controller_put in Meson-SPICC Removal
CVE-2026-31489 Published on April 22, 2026
spi: meson-spicc: Fix double-put in remove path
In the Linux kernel, the following vulnerability has been resolved:
spi: meson-spicc: Fix double-put in remove path
meson_spicc_probe() registers the controller with
devm_spi_register_controller(), so teardown already drops the
controller reference via devm cleanup.
Calling spi_controller_put() again in meson_spicc_remove()
causes a double-put.
Products Associated with CVE-2026-31489
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 8311ee2164c5cd1b63a601ea366f540eae89f10e and below 40ad0334c17b23d8b66b1082ad1478a6202e90e2 is affected.
- Version 8311ee2164c5cd1b63a601ea366f540eae89f10e and below da06a104f0486355073ff0d1bcb1fcbebb7080d6 is affected.
- Version 8311ee2164c5cd1b63a601ea366f540eae89f10e and below 9b812ceb75a6260c17c91db4b9e74ead8cfa06f5 is affected.
- Version 8311ee2164c5cd1b63a601ea366f540eae89f10e and below 63542bb402b7013171c9f621c28b609eda4dbf1f is affected.
- Version ff056817560d72363b463ddac27822dc8c121280 is affected.
- Version 683b47d0ebb10ba0d272604b09686e023d10d40c is affected.
- Version a5bf7ef13ebf6adf62a69ab3542d4fc0564c082e is affected.
- Version 05565b469358a9a03034f7f712d83590a9f125a4 is affected.
- Version f2ca988aba4eaad1319e80eb1316a4ba5dbd6897 is affected.
- Version 5.14 is affected.
- Before 5.14 is unaffected.
- Version 6.12.80, <= 6.12.* is unaffected.
- Version 6.18.21, <= 6.18.* is unaffected.
- Version 6.19.11, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.