- CVE-2026-31399
- EPSS 0.04%
- Published 03.04.2026 15:16:03
- Last modified 18.04.2026 09:16:29
- Source 416baaa9-dc9f-4396-8d5f-8c081f
nvdimm/bus: Fix potential use after free in asynchronous initialization
In the Linux kernel, the following vulnerability has been resolved:

nvdimm/bus: Fix potential use after free in asynchronous initialization

Dingisoul with KASAN reports a use after free if device_add() fails in
nd_async_device_register().

Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while
scheduling async init") correctly added a reference on the parent device
to be held until asynchronous initialization was complete. However, if
device_add() results in an allocation failure the ref count of the
device drops to 0 prior to the parent pointer being accessed. Thus
resulting in use after free.

The bug bot AI correctly identified the fix. Save a reference to the
parent pointer to be used to drop the parent reference regardless of the
outcome of device_add().

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux ≫ Product: Linux
Default status: affected

| Version | Version < / <= | Status |
|---|---|---|
| 4.20 | | affected |
| 0 | < 4.20 | unaffected |
| 5.10.253 | <= 5.10.* | unaffected |
| 5.15.203 | <= 5.15.* | unaffected |
| 6.1.167 | <= 6.1.* | unaffected |
| 6.6.130 | <= 6.6.* | unaffected |
| 6.12.78 | <= 6.12.* | unaffected |
| 6.18.20 | <= 6.18.* | unaffected |
| 6.19.10 | <= 6.19.* | unaffected |
| 7.0 | <= * | unaffected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.102 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|