CVE-2026-31730
- Source
- https://cve.org/CVERecord?id=CVE-2026-31730
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31730.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-31730
- Downstream
- Published
- 2026-05-01T14:14:29.522Z
- Modified
- 2026-05-18T05:58:44.301656767Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- misc: fastrpc: possible double-free of cctx->remote_heap
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: possible double-free of cctx->remote_heap
fastrpcinitcreatestaticprocess() may free cctx->remoteheap on the errmap path but does not clear the pointer. Later, fastrpcrpmsgremove() frees cctx->remoteheap again if it is non-NULL, which can lead to a double-free if the INITCREATESTATIC ioctl hits the error path and the rpmsg device is subsequently removed/unbound. Clear cctx->remoteheap after freeing it in the error path to prevent the later cleanup from freeing it again.
This issue was found by an in-house analysis workflow that extracts AST-based information and runs static checks, with LLM assistance for triage, and was confirmed by manual code review. No hardware testing was performed.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31730.json" }- References
-
- https://git.kernel.org/stable/c/0bdee4118340c5a756220c1b29a7dab86bb0aa65
- https://git.kernel.org/stable/c/3a164f640953cc982804746e772d379171aff5c6
- https://git.kernel.org/stable/c/4b8e527aca357a6488680713bd88007cf8f547fe
- https://git.kernel.org/stable/c/ba2c83167b215da30fa2aae56b140198cf8d8408
- https://git.kernel.org/stable/c/f67d368d26764a357691b2b3a33d3cb55b435bfc
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31730.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-31730
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0871561055e666da421d779397efcc1e5e964cabFixed4b8e527aca357a6488680713bd88007cf8f547feFixed0bdee4118340c5a756220c1b29a7dab86bb0aa65Fixed3a164f640953cc982804746e772d379171aff5c6Fixedf67d368d26764a357691b2b3a33d3cb55b435bfcFixedba2c83167b215da30fa2aae56b140198cf8d8408