CVE-2026-31389 — Expired Pointer Dereference in Linux

CWE-825 — Expired Pointer Dereference6 documents6 sources

Severity

4.7MEDIUM

No vector

EPSS

0.0%

top 90.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free (of driver resources) and unclocked register accesses.

Affected Packages3 packages

▶Debianlinux/linux_kernel< 6.19.10-1

▶CVEListV5linux/linux6598b91b5ac32bc756d7c3000a31f775d4ead1c4 — 0e23f50086da7d0b183dfeac26021acfcdee086b+6

▶debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

OSV

CVE-2026-31389: In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister↗2026-04-03

▶

GHSA

GHSA-7jq8-3vqq-qc62: In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregist↗2026-04-03

▶

📋Vendor Advisories

Red Hat

kernel: spi: fix use-after-free on controller registration failure↗2026-04-03

▶

Debian

CVE-2026-31389: linux - In the Linux kernel, the following vulnerability has been resolved: spi: fix us...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-31389 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶