CVE-2026-31489

EUVD-2026-24857
In the Linux kernel, the following vulnerability has been resolved:

spi: meson-spicc: Fix double-put in remove path

meson_spicc_probe() registers the controller with
devm_spi_register_controller(), so teardown already drops the
controller reference via devm cleanup.

Calling spi_controller_put() again in meson_spicc_remove()
causes a double-put.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.19.11-1
fixed
sid
6.19.13-1
fixed
trixie
vulnerable
trixie (security)
vulnerable
References
https://git.kernel.org/stable/c/40ad0334c17b23d8b66b1082ad1478a6202e90e2
https://git.kernel.org/stable/c/63542bb402b7013171c9f621c28b609eda4dbf1f
https://git.kernel.org/stable/c/9b812ceb75a6260c17c91db4b9e74ead8cfa06f5
https://git.kernel.org/stable/c/da06a104f0486355073ff0d1bcb1fcbebb7080d6