CVE-2026-23068

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: spi-sprd-adi: Fix double free in probe error path

The driver currently uses spi_alloc_host() to allocate the controller but registers it using devm_spi_register_controller().

If devm_register_restart_handler() fails, the code jumps to the put_ctlr label and calls spi_controller_put(). However, since the controller was registered via a devm function, the device core will automatically call spi_controller_put() again when the probe fails. This results in a double-free of the spi_controller structure.

Fix this by switching to devm_spi_alloc_host() and removing the manual spi_controller_put() call.
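The double put described above, as a user-space C model of the probe error path before and after the fix. This is an added example, not the kernel driver's code or the upstream patch; the `toy_*` names and the `devm_allocated` flag are assumptions of the model, and the comments name the kernel call each step stands in for.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model only: toy_* names are hypothetical stand-ins, not kernel APIs. */
struct toy_ctlr { int refs; bool freed; bool devm_allocated; int bad_puts; };
typedef void (*toy_release_fn)(struct toy_ctlr *);
struct toy_dev { toy_release_fn actions[4]; size_t n; };

/* Models spi_controller_put(): the last put frees; any later put is the bug. */
static void toy_put(struct toy_ctlr *c) {
    if (c->freed) { c->bad_puts++; return; }   /* in the kernel: double free */
    if (--c->refs == 0) c->freed = true;
}

/* Models the managed unregister: drops the reference unless allocation was managed. */
static void toy_unregister(struct toy_ctlr *c) {
    if (!c->devm_allocated) toy_put(c);
}

static void toy_devm_add(struct toy_dev *d, toy_release_fn fn) { d->actions[d->n++] = fn; }

/* Models the device core unwinding managed resources (newest first) after probe fails. */
static void toy_probe_failed(struct toy_dev *d, struct toy_ctlr *c) {
    while (d->n > 0) d->actions[--d->n](c);
}

/* Before the fix: plain alloc + devm register + manual put on the error path. */
static int probe_before_fix(bool restart_handler_fails) {
    struct toy_dev dev = {0};
    struct toy_ctlr c = { .refs = 1 };              /* spi_alloc_host() */
    toy_devm_add(&dev, toy_unregister);             /* devm_spi_register_controller() */
    if (restart_handler_fails) {
        toy_put(&c);                                /* put_ctlr: manual put frees it */
        toy_probe_failed(&dev, &c);                 /* managed cleanup puts again */
    }
    return c.bad_puts;                              /* puts issued after the free */
}

/* After the fix: managed alloc, no manual put on the error path. */
static int probe_after_fix(bool restart_handler_fails) {
    struct toy_dev dev = {0};
    struct toy_ctlr c = { .refs = 1, .devm_allocated = true };
    toy_devm_add(&dev, toy_put);                    /* devm_spi_alloc_host() */
    toy_devm_add(&dev, toy_unregister);             /* devm_spi_register_controller() */
    if (restart_handler_fails)
        toy_probe_failed(&dev, &c);                 /* exactly one put, from devm */
    return c.bad_puts;
}
```
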

Risk Information

Base Score: 7.8 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.026

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234