VDB
CVE-2026-31489
CVE-2026-31489
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path meson_spicc_probe() registers the controller with devm_spi_register_controller(), so teardown already drops the controller reference via devm cleanup. Calling spi_controller_put() again in meson_spicc_remove() causes a double-put.
EPSS 0.02% · 3.6th percentile
Risk Scores
EPSS Score
0.02%
3.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | *, 683b47d0ebb10ba0d272604b09686e023d10d40c, 05565b469358a9a03034f7f712d83590a9f125a4 |
| linux | linux_kernel | 5.14, 4.14.244, 4.19.203 |
Timeline
- Apr 22, 2026 CVE Published
- Apr 23, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/40ad0334c17b23d8b66b1082ad1478a6202e90e2 url
- https://git.kernel.org/stable/c/da06a104f0486355073ff0d1bcb1fcbebb7080d6 url
- https://git.kernel.org/stable/c/9b812ceb75a6260c17c91db4b9e74ead8cfa06f5 url
- https://git.kernel.org/stable/c/63542bb402b7013171c9f621c28b609eda4dbf1f url
- https://nvd.nist.gov/vuln/detail/CVE-2026-31489 advisory
- https://lists.debian.org/debian-security-announce/2026/msg00154.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00148.html advisory