{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23068","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.954Z","datePublished":"2026-02-04T16:07:49.119Z","dateUpdated":"2026-05-11T21:59:22.846Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:59:22.846Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-sprd-adi: Fix double free in probe error path\n\nThe driver currently uses spi_alloc_host() to allocate the controller\nbut registers it using devm_spi_register_controller().\n\nIf devm_register_restart_handler() fails, the code jumps to the\nput_ctlr label and calls spi_controller_put(). However, since the\ncontroller was registered via a devm function, the device core will\nautomatically call spi_controller_put() again when the probe fails.\nThis results in a double-free of the spi_controller structure.\n\nFix this by switching to devm_spi_alloc_host() and removing the\nmanual spi_controller_put() call."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/spi/spi-sprd-adi.c"],"versions":[{"version":"ac1775012058e13ef1522938e27f5973d9e3f053","lessThan":"bddd3d10d039729b81cfb0804520c8832a701a0e","status":"affected","versionType":"git"},{"version":"ac1775012058e13ef1522938e27f5973d9e3f053","lessThan":"417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c","status":"affected","versionType":"git"},{"version":"ac1775012058e13ef1522938e27f5973d9e3f053","lessThan":"346775f2b4cf839177e8e86b94aa180a06dc15b0","status":"affected","versionType":"git"},{"version":"ac1775012058e13ef1522938e27f5973d9e3f053","lessThan":"f6d6b3f172df118db582fe5ec43ae223a55d99cf","status":"affected","versionType":"git"},{"version":"ac1775012058e13ef1522938e27f5973d9e3f053","lessThan":"383d4f5cffcc8df930d95b06518a9d25a6d74aac","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/spi/spi-sprd-adi.c"],"versions":[{"version":"4.17","status":"affected"},{"version":"0","lessThan":"4.17","status":"unaffected","versionType":"semver"},{"version":"6.1.162","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.122","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.68","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.8","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.1.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.6.122"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.12.68"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.18.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/bddd3d10d039729b81cfb0804520c8832a701a0e"},{"url":"https://git.kernel.org/stable/c/417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c"},{"url":"https://git.kernel.org/stable/c/346775f2b4cf839177e8e86b94aa180a06dc15b0"},{"url":"https://git.kernel.org/stable/c/f6d6b3f172df118db582fe5ec43ae223a55d99cf"},{"url":"https://git.kernel.org/stable/c/383d4f5cffcc8df930d95b06518a9d25a6d74aac"}],"title":"spi: spi-sprd-adi: Fix double free in probe error path","x_generator":{"engine":"bippy-1.2.0"}}}}