CVE-2026-43460

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A double-free issue exists in the rockchip-sfc SPI driver. The driver utilizes devm spi register controller() for registration, which automatically handles controller unregistration during device removal. However, a manual call to the spi unregister controller() function within the remove() callback triggers a double-free condition. To ensure the controller is unregistered before the DMA buffer is unmapped, the registration method must be changed to spi register controller() in the probe() function.

Recommendations Switch from devm spi register controller() to spi register controller() in the probe() function and ensure the remove() callback is handled correctly to prevent the double-free in the rockchip-sfc driver.