In the Linux kernel, the following vulnerability has been resolved:
spi: rockchip-sfc: Fix double-free in remove() callback
The driver uses devmspiregistercontroller() for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to spiunregister_controller() in the remove() callback can lead to a double-free.
And to make sure controller is unregistered before DMA buffer is unmapped, switch to use spiregistercontroller() in probe().
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43460.json",
"cna_assigner": "Linux"
}