CVE-2026-31399
Received - Intake
Use-After-Free in Linux Kernel nvdimm Asynchronous Initialization

Publication date: 2026-04-03

Last updated on: 2026-04-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

nvdimm/bus: Fix potential use after free in asynchronous initialization

Dingisoul with KASAN reports a use after free if device_add() fails in nd_async_device_register().

Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while scheduling async init") correctly added a reference on the parent device to be held until asynchronous initialization was complete. However, if device_add() results in an allocation failure the ref count of the device drops to 0 prior to the parent pointer being accessed. Thus resulting in use after free.

The bug bot AI correctly identified the fix. Save a reference to the parent pointer to be used to drop the parent reference regardless of the outcome of device_add().
Meta Information
Published: 2026-04-03
Last Modified: 2026-04-18
Generated: 2026-05-06
AI Q&A: 2026-04-03
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free issue in the Linux kernel's nvdimm bus asynchronous initialization process. Specifically, when the function device_add() fails during the asynchronous device registration (nd_async_device_register()), the reference count of the device drops to zero before the parent device pointer is accessed. This causes the system to access memory that has already been freed, leading to a use-after-free condition.

The root cause was that although a reference on the parent device was supposed to be held until asynchronous initialization completed, if device_add() failed due to allocation failure, the reference count was decremented prematurely. The fix involved saving a reference to the parent pointer so that the parent reference could be properly dropped regardless of the outcome of device_add().
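
The ordering problem described above, as an added userspace C model (not kernel source and not code from this page). The struct, the helper names and the starting reference counts are assumptions chosen so that a failed add drops the device's count to 0, and a flag stands in for the actual free so the stale read can be counted safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the refcount pattern; not kernel source. */
struct dev { int refs; bool released; struct dev *parent; };
static int stale_reads;   /* reads of an object after its count hit 0 */

/* 'released' is set at the point where the kernel would free the object. */
static void put_dev(struct dev *d) { if (--d->refs == 0) d->released = true; }
static struct dev *parent_of(struct dev *d)
{
    if (d->released) stale_reads++;   /* the use after free */
    return d->parent;
}

/* Before: the parent pointer is read from the device after the last put. */
static void register_before(struct dev *d, bool add_fails)
{
    if (add_fails) put_dev(d);        /* stands in for device_add() failing */
    put_dev(d);
    struct dev *p = parent_of(d);
    if (p) put_dev(p);
}

/* After: the parent pointer is saved first and used for the final put. */
static void register_after(struct dev *d, bool add_fails)
{
    struct dev *p = parent_of(d);
    if (add_fails) put_dev(d);
    put_dev(d);
    if (p) put_dev(p);
}

/* Runs one scenario: returns stale reads, stores the parent's final count. */
static int run(bool fixed, bool add_fails, int *parent_refs)
{
    struct dev parent = { .refs = 2 };   /* assumed: own ref + async-init ref */
    struct dev child = { .refs = 2, .parent = &parent };   /* assumed counts */
    stale_reads = 0;
    (fixed ? register_after : register_before)(&child, add_fails);
    *parent_refs = parent.refs;
    return stale_reads;
}

int main(void)
{
    int refs;
    printf("before: %d stale read(s)\n", run(false, true, &refs));
    printf("after:  %d stale read(s)\n", run(true, true, &refs));
    return 0;
}
```

In both orderings the parent's extra reference is dropped exactly once; only the ordering that reads the parent pointer after the final put touches a released object, and only when the add fails.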


How can this vulnerability impact me?

A use-after-free vulnerability can lead to undefined behavior including system crashes, data corruption, or potential escalation of privileges if exploited. In this case, the Linux kernel could access freed memory during device initialization, which might cause instability or security issues on systems using the affected nvdimm bus asynchronous initialization code.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability in the Linux kernel related to a use after free in asynchronous initialization of nvdimm devices can be mitigated by applying the patch that fixes the reference counting issue in nd_async_device_register().

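Specifically, ensure your Linux kernel is updated to a version that includes the fix for this CVE. Commit b6eae0f61db2, which holds a reference on the parent device until asynchronous initialization completes, is the earlier change named in the description; the fix described there additionally saves a reference to the parent pointer so that the parent reference is dropped regardless of the outcome of device_add().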

