CVE-2026-31489

spi: meson-spicc: Fix double-put in remove path

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path meson_spicc_probe() registers the controller with
devm_spi_register_controller(), so teardown already drops the
controller reference via devm cleanup. Calling spi_controller_put() again in meson_spicc_remove()
causes a double-put.

*Credits: N/A

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-03-09 CVE Reserved
2026-04-22 CVE Published
2026-04-28 CVE Updated
2026-04-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-415: Double Free

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/8311ee2164c5cd1b63a601ea366f540eae89f10e	Vuln. Introduced
https://git.kernel.org/stable/c/ff056817560d72363b463ddac27822dc8c121280	Vuln. Introduced
https://git.kernel.org/stable/c/683b47d0ebb10ba0d272604b09686e023d10d40c	Vuln. Introduced
https://git.kernel.org/stable/c/a5bf7ef13ebf6adf62a69ab3542d4fc0564c082e	Vuln. Introduced
https://git.kernel.org/stable/c/05565b469358a9a03034f7f712d83590a9f125a4	Vuln. Introduced
https://git.kernel.org/stable/c/f2ca988aba4eaad1319e80eb1316a4ba5dbd6897	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/40ad0334c17b23d8b66b1082ad1478a6202e90e2	2026-04-02
https://git.kernel.org/stable/c/da06a104f0486355073ff0d1bcb1fcbebb7080d6	2026-04-02
https://git.kernel.org/stable/c/9b812ceb75a6260c17c91db4b9e74ead8cfa06f5	2026-04-02
https://git.kernel.org/stable/c/63542bb402b7013171c9f621c28b609eda4dbf1f	2026-03-23

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.12.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.12.80"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.18.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.18.21"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.19.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.19.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 7.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 7.0"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.244 Search vendor "Linux" for product "Linux Kernel" and version "4.14.244"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.203 Search vendor "Linux" for product "Linux Kernel" and version "4.19.203"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.4.140 Search vendor "Linux" for product "Linux Kernel" and version "5.4.140"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.58 Search vendor "Linux" for product "Linux Kernel" and version "5.10.58"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.13.10 Search vendor "Linux" for product "Linux Kernel" and version "5.13.10"		en		Affected