{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23431", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.016Z", "datePublished": "2026-04-03T15:15:17.355Z", "dateUpdated": "2026-05-11T22:06:46.501Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:06:46.501Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: amlogic-spisg: Fix memory leak in aml_spisg_probe()\n\nIn aml_spisg_probe(), ctlr is allocated by\nspi_alloc_target()/spi_alloc_host(), but fails to call\nspi_controller_put() in several error paths. This leads\nto a memory leak whenever the driver fails to probe after\nthe initial allocation.\n\nConvert to use devm_spi_alloc_host()/devm_spi_alloc_target()\nto fix the memory leak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-amlogic-spisg.c"], "versions": [{"version": "cef9991e04aed3305c61c392e880f6e01a0c2ea4", "lessThan": "bec21d97c968a4806939eb2946df49ea6c341bde", "status": "affected", "versionType": "git"}, {"version": "cef9991e04aed3305c61c392e880f6e01a0c2ea4", "lessThan": "8e28a01b69f7ea8df7ceb15470cfe643b2828f4f", "status": "affected", "versionType": "git"}, {"version": "cef9991e04aed3305c61c392e880f6e01a0c2ea4", "lessThan": "b8db9552997924b750e727a625a30eaa4603bbb9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-amlogic-spisg.c"], "versions": [{"version": "6.17", "status": "affected"}, {"version": "0", "lessThan": "6.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/bec21d97c968a4806939eb2946df49ea6c341bde"}, {"url": "https://git.kernel.org/stable/c/8e28a01b69f7ea8df7ceb15470cfe643b2828f4f"}, {"url": "https://git.kernel.org/stable/c/b8db9552997924b750e727a625a30eaa4603bbb9"}], "title": "spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ED31AF6-5D81-4EE0-84BE-89EDBCE41784", "versionEndExcluding": "6.18.20", "versionStartIncluding": "6.17.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "96D34333-38BE-4414-9E79-6EB764329581", "versionEndExcluding": "6.19.10", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*", "matchCriteriaId": "7CC8B11D-82DC-4958-8DC7-BF5CC829A5E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: amlogic-spisg: Fix memory leak in aml_spisg_probe()\n\nIn aml_spisg_probe(), ctlr is allocated by\nspi_alloc_target()/spi_alloc_host(), but fails to call\nspi_controller_put() in several error paths. This leads\nto a memory leak whenever the driver fails to probe after\nthe initial allocation.\n\nConvert to use devm_spi_alloc_host()/devm_spi_alloc_target()\nto fix the memory leak."}], "id": "CVE-2026-23431", "lastModified": "2026-04-23T21:00:59.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-03T16:16:24.493", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8e28a01b69f7ea8df7ceb15470cfe643b2828f4f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b8db9552997924b750e727a625a30eaa4603bbb9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bec21d97c968a4806939eb2946df49ea6c341bde"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()", "id": "2454832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454832"}, "csaw": false, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's amlogic-spisg component. When the `aml_spisg_probe()` function, which initializes the SPI (Serial Peripheral Interface) driver, encounters an error during setup, it fails to release allocated memory. This oversight leads to a memory leak. Over time, repeated failures can exhaust system resources, potentially causing system instability or a Denial of Service (DoS)."], "name": "CVE-2026-23431", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23431\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23431\nhttps://lore.kernel.org/linux-cve-announce/2026040311-CVE-2026-23431-3aee@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cef9991e04aed3305c61c392e880f6e01a0c2ea4,bec21d97c968a4806939eb2946df49ea6c341bde)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cef9991e04aed3305c61c392e880f6e01a0c2ea4,8e28a01b69f7ea8df7ceb15470cfe643b2828f4f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cef9991e04aed3305c61c392e880f6e01a0c2ea4,b8db9552997924b750e727a625a30eaa4603bbb9)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.17"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.17)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.20,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc5,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T16:44:28.976573+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the amlogic-spisg memory\u2011leak fix.", "For distributors, back\u2011port the patch to the current kernel series and rebuild the kernel.", "Verify kernel logs for SPISG probe failures and confirm that the memory leak no longer occurs.", "If an immediate kernel update is unavailable, consider disabling the amlogic\u2011spisg module to prevent the fault during device enumeration."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via memory exhaustion"}, "threat_synthesis": {"affected_systems": "Linux kernel, all builds that include the amlogic-spisg driver. The driver is part of the mainline kernel; therefore any distribution shipping a kernel that contains this code is affected until the fix is incorporated. Specific version information is not enumerated, so all affected releases prior to the patch should be considered vulnerable.", "description_and_impact": "The flaw exists in the SPI driver for Amlogic devices on Linux. The aml_spisg_probe() routine allocates controller resources but, on several error paths, does not release them, leading to a memory leak. As the kernel continues to fail at probing, more memory is consumed until the system runs out of memory, causing a denial of service. The weakness is a heap memory management flaw (CWE-772).", "risk_and_exploitability": "The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low probability of active exploitation. The CVSS score of 5.5 reflects moderate severity and represents a memory exhaustion scenario that could lead to a system reboot or crash. Nonetheless, the impact is non\u2011trivial because a local or potential remote attacker who can cause the driver to fail during probe could force a memory\u2011exhaustion attack, resulting in a system reboot or crash. The fix replaces static allocation with device\u2011managed allocation, making the resources automatically released on error. The recommended action is to apply the patched kernel as soon as it is available."}}}}, "created": "2026-04-03T21:14:06.947789+00:00", "updated": "2026-04-28T16:45:06.186130+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}