Skip to main content

Linux CVE-2026-31389

| EUVDEUVD-2026-18761 HIGH
Use After Free (CWE-416)
2026-04-03 Linux
7.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
4.7 MEDIUM
qualitative

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 27, 2026 - 14:22 vuln.today
cvss_changed
CVSS changed
Apr 27, 2026 - 14:22 NVD
7.8 (HIGH)
Patch available
Apr 16, 2026 - 05:29 EUVD
8634e05b08ead636e926022f4a98416e13440df9,80f3e8cd2b4ad355b2ad2024cf423f6d183404f7,23b51bad2eb8787aa74324cfccefb258515ae5ba
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18761
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

spi: fix use-after-free on controller registration failure

Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free (of driver resources) and unclocked register accesses.

AnalysisAI

Use-after-free vulnerability in Linux kernel SPI controller registration allows local attackers to trigger unclocked register accesses and potential information disclosure when per-CPU statistics allocation fails during controller initialization. The vulnerability affects all Linux kernel versions and is fixed via proper driver core deregistration on allocation failure; no CVSS score or active exploitation data available at time of analysis.

Technical ContextAI

This vulnerability exists in the Linux kernel's SPI subsystem core (spi/core.c or equivalent). The root cause is a missing error-handling path: when spi_controller_register() attempts to allocate per-CPU statistics during device registration and that allocation fails, the function returns an error without properly deregistering the device from the driver core. This leaves the device registered with the core but in a partially-initialized state. Subsequent access attempts reference freed or uninitialized driver resources, leading to use-after-free conditions and potential unclocked register accesses (reads/writes to hardware registers without the clock enabled, causing undefined behavior). The CWE classification is not provided, but this falls under CWE-416 (Use After Free) and CWE-273 (Improper Check for Dropped Privileges). The affected component is the SPI controller registration path, which is architecture-independent and present in all Linux kernel builds with SPI support enabled.

RemediationAI

Apply kernel patches from the stable Linux repository using the upstream fix commits available at https://git.kernel.org/stable/. Systems should update to the latest stable kernel version in their release series (6.1.x, 6.6.x, 6.12.x, etc.) which includes the backported fix for SPI controller registration error handling. The fix involves adding proper driver core deregistration in the error path when per-CPU statistics allocation fails. No workaround is available for unpatched kernels; patching is the only mitigation. Verify the patch has been applied by checking kernel version and confirming spi_controller_register() includes the deregister_device() call in the error path.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31389 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy