Primary

Context

Linux Kernel CH341 SPI Driver USB Interface Devres Lifetime Management Vulnerability

Vulnerability

Patched

A vulnerability in the Linux kernel's CH341 USB to SPI driver has been addressed. The issue was related to improper management of device resources, which could lead to memory leaks when drivers were unbound without physical disconnection of the devices. This vulnerability affected the USB interface management in the device tree. The problem has been fixed by tying the lifetime of the driver data and SPI controller to the USB interface, ensuring proper resource release when the driver is unbound.

Impact

The vulnerability could cause memory leaks by not properly releasing resources when the driver is unbound, potentially leading to increased memory usage and degradation of system performance over time.

Remediation

Users can apply the latest patch available in the Linux kernel stable tree to address this vulnerability.

Added: May 28, 2026, 10:50 AM

Updated: May 28, 2026, 10:50 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

3.1

remediation

7.7

relevance

9.7

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

3.1

remediation

7.7

relevance

9.7

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel CH341 SPI Driver USB Interface Devres Lifetime Management Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating