CVE-2026-46074
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
A vulnerability related to memory leaks on probe failures has been fixed in the Linux kernel. In case of errors, it is necessary to deregister the controller, disable pins, and kill and free the RX URB to avoid memory leaks and use-after-free.
Risk Assessment
Organizations may be exposed to memory leaks, which can lead to decreased system performance and potential security issues.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and to monitor the system for any irregular behavior.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an explicit URB kill on disconnect for symmetry (even if that is not strictly required as USB core would have stopped it in the current setup).

