CVE-2026-31689

Source
https://cve.org/CVERecord?id=CVE-2026-31689
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31689.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-31689
Downstream
Published
2026-04-27T17:34:27.793Z
Modified
2026-06-18T03:55:54.825204568Z
Summary
EDAC/mc: Fix error path ordering in edac_mc_alloc()
Details

In the Linux kernel, the following vulnerability has been resolved:

EDAC/mc: Fix error path ordering in edacmcalloc()

When the mci->pvtinfo allocation in edacmcalloc() fails, the error path will call putdevice() which will end up calling the device's release function.

However, the init ordering is wrong such that device_initialize() happens after the failed allocation and thus the device itself and the release function pointer are not initialized yet when they're called:

MCE: In-kernel MCE decoding enabled. ------------[ cut here ]------------ kobject: '(null)': is not initialized, yet kobjectput() is being called. WARNING: lib/kobject.c:734 at kobjectput, CPU#22: systemd-udevd CPU: 22 UID: 0 PID: 538 Comm: systemd-udevd Not tainted 7.0.0-rc1+ #2 PREEMPT(full) RIP: 0010:kobjectput Call Trace: <TASK> edacmcalloc+0xbe/0xe0 [edaccore] amd64edacinit+0x7a4/0xff0 [amd64_edac] ? __pfxamd64edacinit+0x10/0x10 [amd64edac] dooneinitcall ...

Reorder the calling sequence so that the device is initialized and thus the release function pointer is properly set before it can be used.

This was found by Claude while reviewing another EDAC patch.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31689.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0bbb265f7089584aaa6d440805ca75ea4f3930d4
Fixed
aae95970fad2127a1bd49d8713c7cd0677dcd2d6
Fixed
d3de72e2a2b9ee3a57734c1c068823e41a707715
Fixed
d20e98c2df9354cc744431ad8ccbf49405b8b40f
Fixed
87ce8ae511962e105bcb3534944208c6a9471ed9
Fixed
75825648ce984ca4cebb28e4bd2bf8c3a7e837c5
Fixed
51520e03e70d6c73e33ee7cbe0319767d05764fe

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31689.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
6.1.169
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.135
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.82
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.23
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.13

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31689.json"