CVE Catalog

CVE-2026-46074

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

A vulnerability related to memory leaks on probe failures has been fixed in the Linux kernel. In case of errors, it is necessary to deregister the controller, disable pins, and kill and free the RX URB to avoid memory leaks and use-after-free.

Risk Assessment

Organizations may be exposed to memory leaks, which can lead to decreased system performance and potential security issues.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and to monitor the system for any irregular behavior.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an explicit URB kill on disconnect for symmetry (even if that is not strictly required as USB core would have stopped it in the current setup).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS