CVE-2026-31489

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A double-put issue exists in the remove path of the meson-spicc SPI driver. The meson spicc probe() function registers the controller using devm spi register controller(), which ensures the controller reference is dropped during devm cleanup. Consequently, calling spi controller put() again within the meson spicc remove() function results in a double-put.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.