CVE-2026-31399
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvdimm/bus: Fix potential use after free in asynchronous initialization
Dingisoul with KASAN reports a use after free if device_add() fails in nd_async_device_register().
Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while scheduling async init") correctly added a reference on the parent device to be held until asynchronous initialization was complete. However, if device_add() results in an allocation failure the ref count of the device drops to 0 prior to the parent pointer being accessed. Thus resulting in use after free.
The bug bot AI correctly identified the fix. Save a reference to the parent pointer to be used to drop the parent reference regardless of the outcome of device_add().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b6eae0f61db27748606cc00dafcfd1e2c032f0a5 < 6fc36c2a925ceaba203eb13d75a8f0879a2c121b | affected |
| Linux | Linux | b6eae0f61db27748606cc00dafcfd1e2c032f0a5 < a36cf138500e56f50db9f9a33222df6969b38326 | affected |
| Linux | Linux | b6eae0f61db27748606cc00dafcfd1e2c032f0a5 < 9a0fb16ba5b372465a3a1ecd761c6fa911a4ab4d | affected |
| Linux | Linux | b6eae0f61db27748606cc00dafcfd1e2c032f0a5 < e48bf8f1d2b12c1c5ba1f609edbd4cde5dadc20e | affected |
| Linux | Linux | b6eae0f61db27748606cc00dafcfd1e2c032f0a5 < 2c638259ad750833fd46a0cf57672a618542d84c | affected |
| Linux | Linux | b6eae0f61db27748606cc00dafcfd1e2c032f0a5 < a226e5b49e5fe8c98b14f8507de670189d191348 | affected |
| Linux | Linux | b6eae0f61db27748606cc00dafcfd1e2c032f0a5 < 84af19855d1abdee3c9d57c0684e2868e391793c | affected |
| Linux | Linux | b6eae0f61db27748606cc00dafcfd1e2c032f0a5 < a8aec14230322ed8f1e8042b6d656c1631d41163 | affected |
| Linux | Linux | 8954771abdea5c34280870e35592c7226a816d95 | affected |
| Linux | Linux | 3e63a7f25cc85d3d3e174b9b0e3489ebb7eaf4ab | affected |
| Linux | Linux | 1490de2bb0836fc0631c04d0559fdf81545b672f | affected |
| Linux | Linux | e31a8418c8df7e6771414f99ed3d95ba8aca4e05 | affected |
| Linux | Linux | 4f1a55a4f990016406147cf3e0c9487bf83e50f0 | affected |
| Linux | Linux | 4.4.164 < 4.5 | affected |
| Linux | Linux | 4.9.137 < 4.10 | affected |
| Linux | Linux | 4.14.81 < 4.15 | affected |
| Linux | Linux | 4.18.19 < 4.19 | affected |
| Linux | Linux | 4.19.2 < 4.20 | affected |
| Linux | Linux | 4.20 | affected |
| Linux | Linux | 0 < 4.20 | unaffected |
| Linux | Linux | 5.10.253 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.203 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.167 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.130 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.78 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.20 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.10 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/6fc36c2a925ceaba203eb13d75a8f0879a2c121b
- https://git.kernel.org/stable/c/a36cf138500e56f50db9f9a33222df6969b38326
- https://git.kernel.org/stable/c/9a0fb16ba5b372465a3a1ecd761c6fa911a4ab4d
- https://git.kernel.org/stable/c/e48bf8f1d2b12c1c5ba1f609edbd4cde5dadc20e
- https://git.kernel.org/stable/c/2c638259ad750833fd46a0cf57672a618542d84c
- https://git.kernel.org/stable/c/a226e5b49e5fe8c98b14f8507de670189d191348
- https://git.kernel.org/stable/c/84af19855d1abdee3c9d57c0684e2868e391793c
- https://git.kernel.org/stable/c/a8aec14230322ed8f1e8042b6d656c1631d41163
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.