PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46074 Linux CVE debrief

A memory leak vulnerability exists in the Linux kernel's CH341 SPI driver that occurs during probe failure conditions. The flaw stems from improper cleanup paths when device initialization fails, leading to resource leaks including the SPI controller, pin configurations, and USB request block (URB) memory. The vulnerability also encompasses a related use-after-free risk due to incomplete teardown sequences. The fix ensures symmetric cleanup between probe failure and device disconnect paths by explicitly deregistering the controller, disabling pins, and killing/freeing the RX URB. An additional hardening measure adds explicit URB kill on disconnect for defensive symmetry.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators running kernels with CH341 USB-to-SPI adapter support; embedded systems developers using CH341 hardware; security teams tracking kernel driver vulnerabilities; distribution maintainers responsible for stable kernel backports

Technical summary

The CH341 SPI driver in the Linux kernel fails to properly release resources when probe() encounters an error condition. Specifically, the driver omits calls to spi_controller_unregister(), pinctrl_disable_pins(), and usb_kill_urb()/usb_free_urb() for the RX URB during error paths, causing memory leaks and potential use-after-free conditions. The fix introduces proper cleanup sequencing that mirrors the existing disconnect handler, ensuring all allocated resources are released regardless of initialization success or failure. An additional explicit URB kill operation was added to the disconnect path for defensive symmetry, though this is not strictly required as USB core stops URBs automatically in the current configuration.
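A user-space model of the two probe error-path patterns the summary contrasts, added here as an illustration and not the driver's or the kernel's code. The resource functions are constructed stand-ins that only count live objects (they model, not call, spi_controller_unregister(), the pin disable and usb_kill_urb()/usb_free_urb()), and the three-step probe sequence is an assumption for the example:

```c
/* Live-object counters for the resources the advisory names (SPI controller,
 * pin state, RX URB); stand-ins for the kernel calls, not the real driver API. */
static int live_ctrl, live_pins, live_urb;
static void ctrl_register(void)    { live_ctrl++; }
static void ctrl_unregister(void)  { live_ctrl--; }
static void pins_enable(void)      { live_pins++; }
static void pins_disable(void)     { live_pins--; }
static void rx_urb_alloc(void)     { live_urb++; }
static void rx_urb_kill_free(void) { live_urb--; }
static int  live_resources(void)   { return live_ctrl + live_pins + live_urb; }
static void reset_counters(void)   { live_ctrl = live_pins = live_urb = 0; }
/* Simulated probe step n: fails with -EIO (-5) when n == fail_at; 0 = no failure. */
static int step(int n, int fail_at) { return n == fail_at ? -5 : 0; }

/* Before the fix: errors return straight out, leaving acquired objects live. */
static int probe_leaky(int fail_at)
{
    int ret;
    ctrl_register();
    if ((ret = step(1, fail_at))) return ret;
    pins_enable();
    if ((ret = step(2, fail_at))) return ret;
    rx_urb_alloc();
    if ((ret = step(3, fail_at))) return ret;   /* RX URB never killed/freed */
    return 0;
}

/* Disconnect handler: release in reverse acquisition order. */
static void disconnect(void)
{
    rx_urb_kill_free();   /* kill before free so no completion touches freed memory */
    pins_disable();
    ctrl_unregister();
}

/* After the fix: goto unwind whose labels undo exactly the steps completed,
 * so every failure path releases the same objects disconnect() does. */
static int probe_fixed(int fail_at)
{
    int ret;
    ctrl_register();
    if ((ret = step(1, fail_at))) goto err_ctrl;
    pins_enable();
    if ((ret = step(2, fail_at))) goto err_pins;
    rx_urb_alloc();
    if ((ret = step(3, fail_at))) goto err_urb;
    return 0;
err_urb:  rx_urb_kill_free();
err_pins: pins_disable();
err_ctrl: ctrl_unregister();
    return ret;
}
```

Calling probe_leaky() with a failing step leaves live_resources() non-zero, while probe_fixed() returns the same error with every counter back at zero, which is the symmetry the fix restores.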

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the referenced stable tree commits when available from distribution vendors
  • Monitor vendor security advisories for backported fixes to supported kernel versions
  • Review systems using CH341-based USB-to-SPI adapters for kernel version exposure
  • Consider disabling the CH341 SPI driver (CONFIG_SPI_CH341) as an interim risk reduction where its functionality is not required

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. Fix commits identified in kernel.org stable tree. No CVSS score or severity assigned by NVD at time of disclosure (status: Awaiting Analysis). Vendor identification marked low confidence by source system due to 'Unknown Vendor' classification; evidence points to Linux kernel as affected product.
