In the Linux kernel, the following vulnerability has been resolved:
hwmon: (powerz) Fix use-after-free on USB disconnect
After powerzdisconnect() frees the URB and releases the mutex, a subsequent powerzread() call can acquire the mutex and call powerzreaddata(), which dereferences the freed URB pointer.
Fix by: - Setting priv->urb to NULL in powerzdisconnect() so that powerzreaddata() can detect the disconnected state. - Adding a !priv->urb check at the start of powerzreaddata() to return -ENODEV on a disconnected device. - Moving usbset_intfdata() before hwmon registration so the disconnect handler can always find the priv pointer.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31582.json"
}