CVE-2026-31399Improper Update of Reference Count in Linux

CWE-911Improper Update of Reference Count6 documents6 sources
Severity
4.7MEDIUM
No vector
EPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if device_add() fails in nd_async_device_register(). Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while scheduling async init") correctly added a reference on the parent device to be held until asynchronous initialization was complete. However, if device_add() results in an allocation failure the

Affected Packages3 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linuxb6eae0f61db27748606cc00dafcfd1e2c032f0a59a0fb16ba5b372465a3a1ecd761c6fa911a4ab4d+11
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

2
GHSA
GHSA-j3fg-h3r6-7945: In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisou2026-04-03
OSV
CVE-2026-31399: In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul2026-04-03

📋Vendor Advisories

2
Red Hat
kernel: nvdimm/bus: Fix potential use after free in asynchronous initialization2026-04-03
Debian
CVE-2026-31399: linux - In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus:...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-31399 Impact, Exploitability, and Mitigation Steps | Wiz