CVE-2026-31399

Summary

In the Linux kernel, the following vulnerability has been resolved:

nvdimm/bus: Fix potential use after free in asynchronous initialization

Dingisoul with KASAN reports a use after free if device_add() fails in nd_async_device_register().

Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while scheduling async init") correctly added a reference on the parent device to be held until asynchronous initialization was complete. However, if device_add() results in an allocation failure the ref count of the device drops to 0 prior to the parent pointer being accessed. Thus resulting in use after free.

The bug bot AI correctly identified the fix. Save a reference to the parent pointer to be used to drop the parent reference regardless of the outcome of device_add().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb6eae0f61db27748606cc00dafcfd1e2c032f0a5 < 6fc36c2a925ceaba203eb13d75a8f0879a2c121baffected
LinuxLinuxb6eae0f61db27748606cc00dafcfd1e2c032f0a5 < a36cf138500e56f50db9f9a33222df6969b38326affected
LinuxLinuxb6eae0f61db27748606cc00dafcfd1e2c032f0a5 < 9a0fb16ba5b372465a3a1ecd761c6fa911a4ab4daffected
LinuxLinuxb6eae0f61db27748606cc00dafcfd1e2c032f0a5 < e48bf8f1d2b12c1c5ba1f609edbd4cde5dadc20eaffected
LinuxLinuxb6eae0f61db27748606cc00dafcfd1e2c032f0a5 < 2c638259ad750833fd46a0cf57672a618542d84caffected
LinuxLinuxb6eae0f61db27748606cc00dafcfd1e2c032f0a5 < a226e5b49e5fe8c98b14f8507de670189d191348affected
LinuxLinuxb6eae0f61db27748606cc00dafcfd1e2c032f0a5 < 84af19855d1abdee3c9d57c0684e2868e391793caffected
LinuxLinuxb6eae0f61db27748606cc00dafcfd1e2c032f0a5 < a8aec14230322ed8f1e8042b6d656c1631d41163affected
LinuxLinux8954771abdea5c34280870e35592c7226a816d95affected
LinuxLinux3e63a7f25cc85d3d3e174b9b0e3489ebb7eaf4abaffected
LinuxLinux1490de2bb0836fc0631c04d0559fdf81545b672faffected
LinuxLinuxe31a8418c8df7e6771414f99ed3d95ba8aca4e05affected
LinuxLinux4f1a55a4f990016406147cf3e0c9487bf83e50f0affected
LinuxLinux4.4.164 < 4.5affected
LinuxLinux4.9.137 < 4.10affected
LinuxLinux4.14.81 < 4.15affected
LinuxLinux4.18.19 < 4.19affected
LinuxLinux4.19.2 < 4.20affected
LinuxLinux4.20affected
LinuxLinux0 < 4.20unaffected
LinuxLinux5.10.253 <= 5.10.*unaffected
LinuxLinux5.15.203 <= 5.15.*unaffected
LinuxLinux6.1.167 <= 6.1.*unaffected
LinuxLinux6.6.130 <= 6.6.*unaffected
LinuxLinux6.12.78 <= 6.12.*unaffected
LinuxLinux6.18.20 <= 6.18.*unaffected
LinuxLinux6.19.10 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References