Cyber Resilience

CVE-2026-23068

High

Published: 04 February 2026

Published
04 February 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 6.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23068 is a high-severity Double Free (CWE-415) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

CVE-2026-23068 is a double-free vulnerability (CWE-415) in the Linux kernel's spi-sprd-adi driver. The issue occurs during the probe error path, where the driver allocates a controller using spi_alloc_host() but registers it with devm_spi_register_controller(). If devm_register_restart_handler() fails, the code manually calls spi_controller_put(), but the device core automatically invokes it again upon probe failure, resulting in a double-free of the spi_controller structure. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-02-04.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation could lead to high impacts on confidentiality, integrity, and availability, potentially allowing the attacker to cause kernel crashes, memory corruption, or arbitrary code execution through the double-free.

Mitigation involves applying the upstream kernel patches referenced in the stable git commits, such as https://git.kernel.org/stable/c/346775f2b4cf839177e8e86b94aa180a06dc15b0 and others listed. These patches resolve the issue by switching to devm_spi_alloc_host() for allocation and removing the manual spi_controller_put() call, preventing the double-free. Security practitioners should update affected Linux kernels to incorporate these fixes.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spi_alloc_host() to allocate the controller but registers it using devm_spi_register_controller(). If devm_register_restart_handler() fails, the code jumps to…

more

the put_ctlr label and calls spi_controller_put(). However, since the controller was registered via a devm function, the device core will automatically call spi_controller_put() again when the probe fails. This results in a double-free of the spi_controller structure. Fix this by switching to devm_spi_alloc_host() and removing the manual spi_controller_put() call.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Double-free in Linux kernel driver enables local privilege escalation via memory corruption and arbitrary code execution (AV:L).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23387Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-31489Same product: Linux Linux Kernel
CVE-2026-23162Same product: Linux Linux Kernel
CVE-2026-31475Same product: Linux Linux Kernel
CVE-2026-31468Same product: Linux Linux Kernel
CVE-2024-56766Same product: Linux Linux Kernel
CVE-2024-58055Same product: Linux Linux Kernel
CVE-2026-31471Same product: Linux Linux Kernel
CVE-2026-23408Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.19 · 4.17 — 6.1.162 · 6.2 — 6.6.122 · 6.7 — 6.12.68

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 mandates timely identification, reporting, prioritization, and remediation of flaws like the double-free in the spi-sprd-adi driver by applying upstream kernel patches.

prevent

SI-16 enforces memory protection mechanisms that mitigate exploitation of the double-free vulnerability by restricting unauthorized memory access, modification, or disclosure.

prevent

CM-7 restricts systems to least functionality by disabling unnecessary kernel drivers such as spi-sprd-adi when not required for hardware, preventing trigger of the probe error path vulnerability.

References