CVE-2026-23431 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime6 documents6 sources

Severity

5.3MEDIUM

No vector

EPSS

0.0%

top 94.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() In aml_spisg_probe(), ctlr is allocated by spi_alloc_target()/spi_alloc_host(), but fails to call spi_controller_put() in several error paths. This leads to a memory leak whenever the driver fails to probe after the initial allocation. Convert to use devm_spi_alloc_host()/devm_spi_alloc_target() to fix the memory leak.

Affected Packages3 packages

▶Debianlinux/linux_kernel< 6.19.10-1

▶CVEListV5linux/linuxcef9991e04aed3305c61c392e880f6e01a0c2ea4 — bec21d97c968a4806939eb2946df49ea6c341bde+3

▶debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

OSV

CVE-2026-23431: In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() In aml_spisg_probe(), ctl↗2026-04-03

▶

GHSA

GHSA-fx5r-48pf-8f7w: In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() In aml_spisg_probe(), c↗2026-04-03

▶

📋Vendor Advisories

Red Hat

kernel: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()↗2026-04-03

▶

Debian

CVE-2026-23431: linux - In the Linux kernel, the following vulnerability has been resolved: spi: amlogi...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23431 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶