CVE-2026-31389 PUBLISHED

spi: fix use-after-free on controller registration failure

Assigner: Linux
Reserved: 09.03.2026 Published: 03.04.2026 Updated: 03.04.2026

In the Linux kernel, the following vulnerability has been resolved:

spi: fix use-after-free on controller registration failure

Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free (of driver resources) and unclocked register accesses.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 to 0e23f50086da7d0b183dfeac26021acfcdee086b (excl.)
  • affected from 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 to 6bbd385b30c7fb6c7ee0669e9ada91490938c051 (excl.)
  • affected from 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 to afe27c1f43aa57530011f419be6ddf71306565d2 (excl.)
  • affected from 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 to 80f3e8cd2b4ad355b2ad2024cf423f6d183404f7 (excl.)
  • affected from 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 to 23b51bad2eb8787aa74324cfccefb258515ae5ba (excl.)
  • affected from 6598b91b5ac32bc756d7c3000a31f775d4ead1c4 to 8634e05b08ead636e926022f4a98416e13440df9 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.0 is affected
  • unaffected from 0 to 6.0 (excl.)
  • unaffected from 6.1.167 to 6.1.* (incl.)
  • unaffected from 6.6.130 to 6.6.* (incl.)
  • unaffected from 6.12.78 to 6.12.* (incl.)
  • unaffected from 6.18.20 to 6.18.* (incl.)
  • unaffected from 6.19.10 to 6.19.* (incl.)
  • unaffected from 7.0-rc5 to * (incl.)
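
The release ranges above can be applied to a running kernel's version string as follows. This is an added example, not part of the CVE record or the kernel project; the function names are hypothetical, and it assumes upstream or stable version strings as printed by `uname -r` (a vendor kernel that backports the fix under an older version number has to be checked against the vendor's advisory instead).

```python
import re

# Fixed release per stable branch, copied from the "unaffected from" rows above.
FIXED_IN_BRANCH = {(6, 1): 167, (6, 6): 130, (6, 12): 78, (6, 18): 20, (6, 19): 10}
FIRST_AFFECTED = (6, 0)   # "Version 6.0 is affected"
MAINLINE_FIX = (7, 0, 5)  # 7.0-rc5, stored as (major, minor, rc)


def parse_release(release):
    """Split a `uname -r` style string into (major, minor, patch, rc).

    rc is None for a final release; suffixes such as "-generic" are ignored.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch or 0), int(rc) if rc else None


def is_affected(release):
    """Return True if the release falls in an affected range of this record."""
    major, minor, patch, rc = parse_release(release)
    branch = (major, minor)
    # Everything below 6.0 is unaffected; a 6.0 release candidate sorts below 6.0.
    if branch < FIRST_AFFECTED or (branch == FIRST_AFFECTED and rc is not None):
        return False
    # Stable branches that received the fix: compare the patch level.
    if branch in FIXED_IN_BRANCH:
        return patch < FIXED_IN_BRANCH[branch]
    # Mainline: fixed from 7.0-rc5 onwards, including every later branch.
    if branch > MAINLINE_FIX[:2]:
        return False
    if branch == MAINLINE_FIX[:2]:
        return rc is not None and rc < MAINLINE_FIX[2]
    # Default status is "affected": branches between 6.0 and 7.0 with no
    # listed fix (for example 6.5.x) stay affected at every patch level.
    return True


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host inventory.
    for rel in ["5.15.0-91-generic", "6.1.166", "6.1.167", "6.5.13",
                "6.6.129-generic", "6.12.78", "7.0-rc4", "7.0-rc5"]:
        print(f"{rel:20} {'AFFECTED' if is_affected(rel) else 'not affected'}")
```
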

References