Primary

Context

Linux Kernel Resource Leak Vulnerability in SPI STM32 OSPI Driver Remove Callback

Vulnerability

Patched

A resource leak vulnerability has been identified in the Linux kernel's SPI STM32 OSPI driver. The issue arises in the remove callback, which prematurely exits if the PM runtime resume operation fails. This early return prevents the proper cleanup of the SPI controller and other associated resources. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability leads to a resource leak, where the SPI controller and other resources are not properly cleaned up, potentially causing issues such as memory leaks or resource exhaustion.

Remediation

Users can apply the available patch in the Linux kernel stable tree to address this vulnerability. The patch is included in the official Linux Git repository.

Added: May 1, 2026, 4:03 PM

Updated: May 1, 2026, 4:03 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

3.5

remediation

7.7

relevance

7.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

3.5

remediation

7.7

relevance

7.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Resource Leak Vulnerability in SPI STM32 OSPI Driver Remove Callback

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating