CVE-2026-31489
Description
In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path meson_spicc_probe() registers the controller with devm_spi_register_controller(), so teardown already drops the controller reference via devm cleanup. Calling spi_controller_put() again in meson_spicc_remove() causes a double-put.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | fixed | 6.19.11-1 |
| debian | sid | fixed | 6.19.11-1 |
| debian | trixie | fixed | 6.12.85-1 |
| linux-kernel | affected | 4.15 | |
| linux-kernel | 5.14 | affected | |
| linux-kernel | 7.0 | affected | |
References
- https://git.kernel.org/stable/c/0d645c6d13fa0597935d3d16b09a7ba5d24ed284
- https://git.kernel.org/stable/c/40ad0334c17b23d8b66b1082ad1478a6202e90e2
- https://git.kernel.org/stable/c/63542bb402b7013171c9f621c28b609eda4dbf1f
- https://git.kernel.org/stable/c/9b812ceb75a6260c17c91db4b9e74ead8cfa06f5
- https://git.kernel.org/stable/c/da06a104f0486355073ff0d1bcb1fcbebb7080d6
- https://www.suse.com/security/cve/CVE-2026-31489.html
- https://security-tracker.debian.org/tracker/CVE-2026-31489
CWEs
CWE-415
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.