CVE-2026-31732
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpio: Fix resource leaks on errors in gpiochip_add_data_with_key()
Since commit aab5c6f20023 ("gpio: set device type for GPIO chips"),
gdev->dev.release is unset. As a result, the reference count to
gdev->dev isn't dropped on the error handling paths.
Drop the reference on errors.
Also reorder the instructions to make the error handling simpler. Now gpiochip_add_data_with_key() roughly looks like:
>>> Some memory allocation. Go to ERR ZONE 1 on errors. >>> device_initialize().
gpiodev_release() takes over the responsibility for freeing the
resources of gdev->dev. The subsequent error handling paths
shouldn't go through ERR ZONE 1 again which leads to double free.
>>> Some initialization mainly on gdev.
>>> The rest of initialization. Go to ERR ZONE 2 on errors.
>>> Chip registration success and exit.
>>> ERR ZONE 2. gpio_device_put() and exit. >>> ERR ZONE 1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | aab5c6f200238ac45001bec3d5494fff8438a8dc < a500e1837c4266ddb05b39b3e1cc71f49a43ffa5 | affected |
| Linux | Linux | aab5c6f200238ac45001bec3d5494fff8438a8dc < f0cf9c7b7c281956cc0dec163132cd96f76e1d60 | affected |
| Linux | Linux | aab5c6f200238ac45001bec3d5494fff8438a8dc < fb4584d2b324c522404c733c65840a1a6519ada8 | affected |
| Linux | Linux | aab5c6f200238ac45001bec3d5494fff8438a8dc < 16fdabe143fce2cbf89139677728e17e21b46c28 | affected |
| Linux | Linux | 6.9 | affected |
| Linux | Linux | 0 < 6.9 | unaffected |
| Linux | Linux | 6.12.95 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.22 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.12 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/a500e1837c4266ddb05b39b3e1cc71f49a43ffa5
- https://git.kernel.org/stable/c/f0cf9c7b7c281956cc0dec163132cd96f76e1d60
- https://git.kernel.org/stable/c/fb4584d2b324c522404c733c65840a1a6519ada8
- https://git.kernel.org/stable/c/16fdabe143fce2cbf89139677728e17e21b46c28
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.