CVE-2026-31489

EUVD-2026-24857
In the Linux kernel, the following vulnerability has been resolved:

spi: meson-spicc: Fix double-put in remove path

meson_spicc_probe() registers the controller with
devm_spi_register_controller(), so teardown already drops the
controller reference via devm cleanup.

Calling spi_controller_put() again in meson_spicc_remove()
causes a double-put.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
4.14.244 ≤
𝑥
< 4.15
linuxlinux_kernel
4.19.203 ≤
𝑥
< 4.20
linuxlinux_kernel
5.4.140 ≤
𝑥
< 5.5
linuxlinux_kernel
5.10.58 ≤
𝑥
< 5.11
linuxlinux_kernel
5.13.10 ≤
𝑥
< 5.14
linuxlinux_kernel
5.14.1 ≤
𝑥
< 6.12.80
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.21
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.11
linuxlinux_kernel
5.14
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
linuxlinux_kernel
7.0:rc5
linuxlinux_kernel
7.0:rc6
linuxlinux_kernel
7.0:rc7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.10-1
fixed
sid
7.0.10-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.90-2
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/0d645c6d13fa0597935d3d16b09a7ba5d24ed284
https://git.kernel.org/stable/c/40ad0334c17b23d8b66b1082ad1478a6202e90e2
https://git.kernel.org/stable/c/63542bb402b7013171c9f621c28b609eda4dbf1f
https://git.kernel.org/stable/c/7434c64ddae88a02e7fb478bc256cc100d48d3e3
https://git.kernel.org/stable/c/9b812ceb75a6260c17c91db4b9e74ead8cfa06f5
https://git.kernel.org/stable/c/d61bcec3aec6f0244a9b963e0c76c00f771d49b6
https://git.kernel.org/stable/c/da06a104f0486355073ff0d1bcb1fcbebb7080d6