CVE-2026-46228

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: ch341: fix devres lifetime<br /> <br /> USB drivers bind to USB interfaces and any device managed resources<br /> should have their lifetime tied to the interface rather than parent USB<br /> device. This avoids issues like memory leaks when drivers are unbound<br /> without their devices being physically disconnected (e.g. on probe<br /> deferral or configuration changes).<br /> <br /> Fix the controller and driver data lifetime so that they are released<br /> on driver unbind.<br /> <br /> Note that this also makes sure that the SPI controller is placed<br /> correctly under the USB interface in the device tree.