Linux Kernel: spi rockchip-sfc Double-Free in remove(): CVE-2026-43460 May 2026

Linux Kernel: spi rockchip-sfc Double-Free in remove()
CVE-2026-43460 Published on May 8, 2026

spi: rockchip-sfc: Fix double-free in remove() callback
In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove() callback The driver uses devm_spi_register_controller() for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to spi_unregister_controller() in the remove() callback can lead to a double-free. And to make sure controller is unregistered before DMA buffer is unmapped, switch to use spi_register_controller() in probe().

Products Associated with CVE-2026-43460

Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.

Affected Versions

Version 8011709906d0d6ff1ba9589de5a906bf6e430782 and below b6051f2bdd4bd3dde85b68558edd3a6843489221 is affected.

Version 8011709906d0d6ff1ba9589de5a906bf6e430782 and below 85fb53351e6a3b921357a2178671e847a087e400 is affected.

Version 8011709906d0d6ff1ba9589de5a906bf6e430782 and below 111e2863372c322e836e0c896f6dd9cf4ee08c71 is affected.

Version 6.14 is affected.

Before 6.14 is unaffected.

Version 6.18.19, <= 6.18.* is unaffected.

Version 6.19.9, <= 6.19.* is unaffected.

Version 7.0, <= * is unaffected.

Linux Kernel: spi rockchip-sfc Double-Free in remove()CVE-2026-43460 Published on May 8, 2026

Products Associated with CVE-2026-43460

Affected Versions

Linux Kernel: spi rockchip-sfc Double-Free in remove()
CVE-2026-43460 Published on May 8, 2026