CVE-2026-31621

Source
https://cve.org/CVERecord?id=CVE-2026-31621
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31621.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-31621
Published
2026-04-24T14:42:39.274Z
Modified
2026-06-18T03:56:28.571918399Z
Summary
bnge: return after auxiliary_device_uninit() in error path
Details

In the Linux kernel, the following vulnerability has been resolved:

bnge: return after auxiliary_device_uninit() in error path

When auxiliary_device_add() fails, the error block calls auxiliary_device_uninit() but does not return. The uninit drops the last reference and synchronously runs bnge_aux_dev_release(), which sets bd->auxr_dev = NULL and frees the underlying object. The subsequent bd->auxr_dev->net = bd->netdev then dereferences NULL, which is not a good thing to have happen when trying to clean up from an error.

Add the missing return, as the auxiliary bus documentation states is a requirement (seems that LLM tools read documentation better than humans do...)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31621.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8ac050ec3b1c0dcb5e89cf86fe2ebe0afcc73554
Fixed
38c383ec6d37f4b5597f8e6a1f5c2ab31ea01d3a
Fixed
87bc3557c708110d83086bf091328271298a44e3
Fixed
8b0c25528cb64f71a73b5c0d49cbbcb68540a4ce

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31621.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.14
Type
ECOSYSTEM
Events
Introduced
6.20.0
Fixed
7.0.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31621.json"