← Back

CVE-2026-31650

nvd nist
Published: Apr 24, 2026Modified: Apr 27, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix use-after-free on disconnect The vub300 driver maintains an explicit reference count for the controller and its driver data and the last reference can in theory be dropped after the driver has been unbound. This specifically means that the controller allocation must not be device managed as that can lead to use-after-free. Note that the lifetime is currently also incorrectly tied the parent USB device rather than interface, which can lead to memory leaks if the driver is unbound without its device being physically disconnected (e.g. on probe deferral). Fix both issues by reverting to non-managed allocation of the controller.

Affected (10)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 6.17.1 to 6.18.23
Linux Kernel
From 6.19 to 6.19.13
Linux Kernel
Version 6.17
Linux Kernel
Version 7.0 rc1
Linux Kernel
Version 7.0 rc2
Linux Kernel
Version 7.0 rc3
Linux Kernel
Version 7.0 rc4
Linux Kernel
Version 7.0 rc5
Linux Kernel
Version 7.0 rc6
Linux Kernel
Version 7.0 rc7

Related CWEs

CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (3)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

Timeline

No history available yet.