CVE-2026-43460

Published: May 8, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove() callback The driver uses devm_spi_register_controller() for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to spi_unregister_controller() in the remove() callback can lead to a double-free. And to make sure controller is unregistered before DMA buffer is unmapped, switch to use spi_register_controller() in probe().

Vendor	Product	Versions
Linux	Linux	affected `8011709906d0d6ff1ba9589de5a906bf6e430782 - < b6051f2bdd4bd3dde85b68558edd3a6843489221` affected `8011709906d0d6ff1ba9589de5a906bf6e430782 - < 85fb53351e6a3b921357a2178671e847a087e400` affected `8011709906d0d6ff1ba9589de5a906bf6e430782 - < 111e2863372c322e836e0c896f6dd9cf4ee08c71`
Linux	Linux	affected `6.14` unaffected `0 - < 6.14` unaffected `6.18.19 - <= 6.18.` unaffected `6.19.9 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/b6051f2bdd4bd3dde85b68558edd3a6843489221

https://git.kernel.org/stable/c/85fb53351e6a3b921357a2178671e847a087e400

https://git.kernel.org/stable/c/111e2863372c322e836e0c896f6dd9cf4ee08c71

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43460

Description

Affected Products

References