CVE-2026-43460

Source
https://cve.org/CVERecord?id=CVE-2026-43460
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43460.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43460
Downstream
Published
2026-05-08T14:22:23.332Z
Modified
2026-07-08T08:09:36.027810544Z
Summary
spi: rockchip-sfc: Fix double-free in remove() callback
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: rockchip-sfc: Fix double-free in remove() callback

The driver uses devmspiregistercontroller() for registration, which automatically unregisters the controller via devm cleanup when the device is removed. The manual call to spiunregister_controller() in the remove() callback can lead to a double-free.

And to make sure controller is unregistered before DMA buffer is unmapped, switch to use spiregistercontroller() in probe().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43460.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8011709906d0d6ff1ba9589de5a906bf6e430782
Fixed
b6051f2bdd4bd3dde85b68558edd3a6843489221
Fixed
85fb53351e6a3b921357a2178671e847a087e400
Fixed
111e2863372c322e836e0c896f6dd9cf4ee08c71

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43460.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.18.19
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43460.json"