CVE-2026-31621
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-04-24

Last updated on: 2026-04-28

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bnge: return after auxiliary_device_uninit() in error path When auxiliary_device_add() fails, the error block calls auxiliary_device_uninit() but does not return. The uninit drops the last reference and synchronously runs bnge_aux_dev_release(), which sets bd->auxr_dev = NULL and frees the underlying object. The subsequent bd->auxr_dev->net = bd->netdev then dereferences NULL, which is not a good thing to have happen when trying to clean up from an error. Add the missing return, as the auxiliary bus documentation states is a requirement (seems that LLM tools read documentation better than humans do...)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-24
Last Modified
2026-04-28
Generated
2026-06-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31621
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.14 (exc)
linux linux_kernel From 7.0 (inc) to 7.0.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-908 The product uses or accesses a resource that has not been initialized.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
AI Quick Actions have not been generated yet.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31621. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart