CVE-2026-31732

Summary

In the Linux kernel, the following vulnerability has been resolved:

gpio: Fix resource leaks on errors in gpiochip_add_data_with_key()

Since commit aab5c6f20023 ("gpio: set device type for GPIO chips"), gdev->dev.release is unset. As a result, the reference count to gdev->dev isn't dropped on the error handling paths.

Drop the reference on errors.

Also reorder the instructions to make the error handling simpler. Now gpiochip_add_data_with_key() roughly looks like:

>>> Some memory allocation. Go to ERR ZONE 1 on errors. >>> device_initialize().

gpiodev_release() takes over the responsibility for freeing the resources of gdev->dev. The subsequent error handling paths shouldn't go through ERR ZONE 1 again which leads to double free.

>>> Some initialization mainly on gdev. >>> The rest of initialization. Go to ERR ZONE 2 on errors. >>> Chip registration success and exit.

>>> ERR ZONE 2. gpio_device_put() and exit. >>> ERR ZONE 1.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxaab5c6f200238ac45001bec3d5494fff8438a8dc < a500e1837c4266ddb05b39b3e1cc71f49a43ffa5affected
LinuxLinuxaab5c6f200238ac45001bec3d5494fff8438a8dc < f0cf9c7b7c281956cc0dec163132cd96f76e1d60affected
LinuxLinuxaab5c6f200238ac45001bec3d5494fff8438a8dc < fb4584d2b324c522404c733c65840a1a6519ada8affected
LinuxLinuxaab5c6f200238ac45001bec3d5494fff8438a8dc < 16fdabe143fce2cbf89139677728e17e21b46c28affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.12.95 <= 6.12.*unaffected
LinuxLinux6.18.22 <= 6.18.*unaffected
LinuxLinux6.19.12 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References