Skip to main content

Linux EUVDEUVD-2026-18667

| CVE-2026-23431 MEDIUM
Memory Leak (CWE-401)
2026-04-03 Linux GHSA-fx5r-48pf-8f7w
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 23, 2026 - 21:11 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
8e28a01b69f7ea8df7ceb15470cfe643b2828f4f
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18667
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()

In aml_spisg_probe(), ctlr is allocated by spi_alloc_target()/spi_alloc_host(), but fails to call spi_controller_put() in several error paths. This leads to a memory leak whenever the driver fails to probe after the initial allocation.

Convert to use devm_spi_alloc_host()/devm_spi_alloc_target() to fix the memory leak.

AnalysisAI

Memory leak in the Linux kernel's Amlogic SPI controller driver (aml_spisg_probe) fails to release SPI controller resources in multiple error paths during probe, allowing local attackers to exhaust kernel memory through repeated driver load/unload cycles or failed probe attempts. The vulnerability has been resolved in the upstream kernel by converting to device-managed SPI allocation functions.

Technical ContextAI

The Amlogic SPI controller driver allocates an SPI host/target controller via spi_alloc_host() or spi_alloc_target() in the probe function but omitted corresponding spi_controller_put() calls in error handling paths. This is a classic resource cleanup issue in Linux driver initialization. The fix leverages the kernel's devm (device-managed) infrastructure via devm_spi_alloc_host() and devm_spi_alloc_target(), which automatically release resources when the device is unbound, eliminating manual cleanup requirements. CWE mapping aligns with CWE-401 (Missing Release of Memory after Effective Lifetime) or CWE-191 (Integer Underflow/Wraparound) depending on classification taxonomy, though the core issue is incomplete error path cleanup.

RemediationAI

Update to a Linux kernel version that includes the upstream fix commits (bec21d97c968a4806939eb2946df49ea6c341bde, 8e28a01b69f7ea8df7ceb15470cfe643b2828f4f, or b8db9552997924b750e727a625a30eaa4603bbb9). Most Linux distributions have backported this fix to their stable kernel packages; check your distribution's security advisories and kernel update repositories. For custom kernel builds, cherry-pick the upstream fix or merge the commit into your kernel source tree. No workaround is available short of patching; affected systems should prioritize kernel updates to prevent memory exhaustion under SPI device probe stress conditions.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-18667 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy