Kernel Vulnerability Affecting Amlogic SPI Driver in Linux
CVE-2026-43461

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-43461?

This vulnerability in the Amlogic SPI driver within the Linux kernel involves flaws in DMA mapping error handling. Key issues include improper cleanup on DMA mapping failure, leading to resource leaks; a potential double-unmap situation that could occur when dealing with failed DMA mappings; and incorrect unmap size management which may disrupt DMA synchronization processes. These issues underscore the importance of careful handling of memory resources in driver development to prevent unintended consequences and system instability.

Affected Version(s)

Linux 4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9 < 0a83d6c9e149a176340190fa9cbadf2266db4c9a

Linux 4670db6f32e9379f5ab6c9bb2a6787cd9b9230a9

References

https://git.kernel.org/stable/c/0a83d6c9e149a176340190fa9...

https://git.kernel.org/stable/c/c0b88f1176074f80140ed77fc...

https://git.kernel.org/stable/c/b20b437666e1cb26a7c499d16...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43461 Data

JSON