Skip to main content

Linux Kernel CVE-2026-31732

| EUVDEUVD-2026-26545 MEDIUM
Memory Leak (CWE-401)
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 18:00 vuln.today
CVSS changed
May 07, 2026 - 15:52 NVD
5.5 (MEDIUM)
Patch available
May 01, 2026 - 16:02 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26545
CVE Published
May 01, 2026 - 14:14 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:14 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

gpio: Fix resource leaks on errors in gpiochip_add_data_with_key()

Since commit aab5c6f20023 ("gpio: set device type for GPIO chips"), gdev->dev.release is unset. As a result, the reference count to gdev->dev isn't dropped on the error handling paths.

Drop the reference on errors.

Also reorder the instructions to make the error handling simpler. Now gpiochip_add_data_with_key() roughly looks like:

>>> Some memory allocation. Go to ERR ZONE 1 on errors. >>> device_initialize().

gpiodev_release() takes over the responsibility for freeing the resources of gdev->dev. The subsequent error handling paths shouldn't go through ERR ZONE 1 again which leads to double free.

>>> Some initialization mainly on gdev. >>> The rest of initialization. Go to ERR ZONE 2 on errors. >>> Chip registration success and exit.

>>> ERR ZONE 2. gpio_device_put() and exit. >>> ERR ZONE 1.

AnalysisAI

Resource leaks in the Linux kernel GPIO subsystem allow local attackers with low privileges to cause denial of service through memory exhaustion during gpiochip initialization error handling. The vulnerability arises from improper reference counting in gpiochip_add_data_with_key() after device initialization, where error paths fail to release device references, leading to memory not being freed on function failure. CVSS 5.5 with EPSS 0.02% indicates low real-world exploitation probability despite local attack vector.

Technical ContextAI

The Linux kernel GPIO (General Purpose Input/Output) subsystem manages GPIO chip registration through the gpiochip_add_data_with_key() function. After commit aab5c6f20023 introduced device-type setting, the gdev->dev.release callback became unset, breaking the automatic reference-counting mechanism that normally guarantees resource cleanup through device_put(). The vulnerability is rooted in CWE-401 (Missing Release of Memory after Effective Lifetime), where allocated device structures are not freed when error paths are taken after device_initialize() but before successful registration. The fix reorders initialization stages to establish clear error zones: an early zone for allocation failures (handled by direct kfree) and a later zone where gpiodev_release() assumes responsibility for cleanup, preventing double-frees.

RemediationAI

Apply vendor-released patches from stable kernel branches: Linux 6.18.22 (commit f0cf9c7b7c281956cc0dec163132cd96f76e1d60), 6.19.12 (commit fb4584d2b324c522404c733c65840a1a6519ada8), or 7.0 and later (commit 16fdabe143fce2cbf89139677728e17e21b46c28), available at https://git.kernel.org/stable/. Users on long-term support kernels should check their distribution's stable update channels for backported fixes. If immediate patching is not feasible, disable GPIO module loading where GPIO hardware is not required, reducing attack surface; however, this impacts any user-space GPIO control via sysfs or device libraries. No workarounds exist short of hardware-level GPIO disabling or avoiding gpiochip initialization failures through stable hardware and driver configurations.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31732 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy