CVE-2026-31399

| EUVD-2026-18780
2026-04-03 Linux GHSA-j3fg-h3r6-7945

Lifecycle Timeline

3
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18780
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:16 nvd
N/A

Tags

Linux Linux Kernel Use After Free

Description

In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if device_add() fails in nd_async_device_register(). Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while scheduling async init") correctly added a reference on the parent device to be held until asynchronous initialization was complete. However, if device_add() results in an allocation failure the ref count of the device drops to 0 prior to the parent pointer being accessed. Thus resulting in use after free. The bug bot AI correctly identified the fix. Save a reference to the parent pointer to be used to drop the parent reference regardless of the outcome of device_add().

Analysis

Use-after-free in Linux kernel nvdimm/bus asynchronous device registration allows local denial of service when device_add() fails during nd_async_device_register(). The vulnerability occurs because a device reference is dropped before the parent pointer is safely accessed, causing a kernel crash or memory corruption. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

CVE-2026-31399 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy