CVE-2026-31506
Received Received - Intake
Double Free Vulnerability in Linux Kernel net:bcmasp WoL IRQ

Publication date: 2026-04-22

Last updated on: 2026-04-28

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of WoL irq We do not need to free wol_irq since it was instantiated with devm_request_irq(). So devres will free for us.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31506
EUVD
EUVD-2026-24883
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.6
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.21 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.11 (exc)
linux linux_kernel From 6.6.1 (inc) to 6.12.80 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-415 The product calls free() twice on the same memory address.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a double free issue in the Linux kernel's bcmasp network driver related to the Wake-on-LAN (WoL) interrupt request (irq). Specifically, the code incorrectly frees the wol_irq resource twice. The problem arises because wol_irq was allocated using devm_request_irq(), which automatically manages the resource's lifecycle, so manually freeing it again causes a double free error.

Impact Analysis

A double free vulnerability can lead to undefined behavior such as memory corruption, system crashes, or potential exploitation by attackers to execute arbitrary code or cause denial of service. In this case, the double free of the WoL irq in the Linux kernel could destabilize the system or be leveraged by an attacker to compromise system integrity.

Mitigation Strategies

The vulnerability in the Linux kernel related to a double free of WoL irq has been fixed by ensuring that wol_irq is not freed manually since it is managed by devm_request_irq().

To mitigate this vulnerability, you should update your Linux kernel to the version where this fix has been applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31506. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart