CVE-2026-31759
- Source
- https://cve.org/CVERecord?id=CVE-2026-31759
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31759.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-31759
- Downstream
- Related
- Published
- 2026-05-01T14:14:51.895Z
- Modified
- 2026-06-26T08:29:10.514810082Z
- Summary
- usb: ulpi: fix double free in ulpi_register_interface() error path
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: ulpi: fix double free in ulpiregisterinterface() error path
When deviceregister() fails, ulpiregister() calls put_device() on ulpi->dev.
The device release callback ulpidevrelease() drops the OF node reference and frees ulpi, but the current error path in ulpiregisterinterface() then calls kfree(ulpi) again, causing a double free.
Let putdevice() handle the cleanup through ulpidevrelease() and avoid freeing ulpi again in ulpiregister_interface().
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31759.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/01af542392b5d41fd659d487015a71f627accce3
- https://git.kernel.org/stable/c/272a9b26c336a295e4e209157fed809706c1b1f7
- https://git.kernel.org/stable/c/2f70ba9dae13a190673cc3f9b4aad52179738f60
- https://git.kernel.org/stable/c/38c28fe25611099230f0965c925499bfcf46a795
- https://git.kernel.org/stable/c/8763f8317bb389aded32a32b08f6751cfff657d2
- https://git.kernel.org/stable/c/a6e5461f076c2ef63159f18e5cdbd30b50f0bc15
- https://git.kernel.org/stable/c/aaeae6533d77e6ed4def85baec01e2815ebbef61
- https://git.kernel.org/stable/c/ee248e6e941e4f2e634df2bd43e5f1ef810ab6df
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31759.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-31759
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced289fcff4bcdb1dcc0ce8788b7ea0f58a9e4a495fFixed2f70ba9dae13a190673cc3f9b4aad52179738f60Fixedee248e6e941e4f2e634df2bd43e5f1ef810ab6dfFixed272a9b26c336a295e4e209157fed809706c1b1f7Fixedaaeae6533d77e6ed4def85baec01e2815ebbef61Fixed8763f8317bb389aded32a32b08f6751cfff657d2Fixed38c28fe25611099230f0965c925499bfcf46a795Fixeda6e5461f076c2ef63159f18e5cdbd30b50f0bc15Fixed01af542392b5d41fd659d487015a71f627accce3
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.2.0Fixed5.10.253
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.203
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.168
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.134
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.81
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.22
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed6.19.12