5.5
CVE-2026-46074
- EPSS 0.12%
- Veröffentlicht 27.05.2026 12:58:04
- Zuletzt bearbeitet 24.06.2026 16:59:17
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
spi: ch341: fix memory leaks on probe failures
In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an explicit URB kill on disconnect for symmetry (even if that is not strictly required as USB core would have stopped it in the current setup).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.11 < 6.12.86
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.27
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.02 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/5c6518633702d7f7b1153e9d8e042af847f11ef3
https://git.kernel.org/stable/c/ff8a7996dc8bf433efe2126ffdaee5b374a89e30
https://git.kernel.org/stable/c/9bee2faf9e21c796d0d222c9d84a98f41bd303a0
https://git.kernel.org/stable/c/b99e3ddb91b499d920e63a2daff8880be68cfe9e