Linux · Linux Kernel · CVE-2021-46959
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
A use-after-free vulnerability has been resolved in the Linux kernel. The issue occurs when the devres list is torn down during spi unregister controller(), causing devices registered with devm spi alloc {master,slave}() to be mistakenly identified as legacy, non-devm managed devices. This leads to their reference counters being decremented below 0. The vulnerability is related to the devm spi release controller() function and the devres release all() function.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.