CVE-2026-31745
Analyzed Analyzed - Analysis Complete

Double Free in Linux Kernel GPIO Reset Driver

Vulnerability report for CVE-2026-31745, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: fix double free in reset_add_gpio_aux_device() error path When __auxiliary_device_add() fails, reset_add_gpio_aux_device() calls auxiliary_device_uninit(adev). The device release callback reset_gpio_aux_device_release() frees adev, but the current error path then calls kfree(adev) again, causing a double free. Keep kfree(adev) for the auxiliary_device_init() failure path, but avoid freeing adev after auxiliary_device_uninit().

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-07-06
AI Q&A
2026-05-01
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-415 The product calls free() twice on the same memory address.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a double free bug in the Linux kernel's reset subsystem related to GPIO auxiliary devices. Specifically, when the function __auxiliary_device_add() fails, the error handling path in reset_add_gpio_aux_device() calls auxiliary_device_uninit(), which triggers the device release callback reset_gpio_aux_device_release() to free the auxiliary device structure (adev). However, after this callback, the error path attempts to free the same structure again using kfree(adev), causing a double free.

The fix involves keeping the kfree(adev) call only for the failure path of auxiliary_device_init(), and avoiding freeing adev after auxiliary_device_uninit() to prevent the double free.

Impact Analysis

A double free vulnerability can lead to undefined behavior such as memory corruption, system crashes, or potential exploitation by attackers to execute arbitrary code or escalate privileges. In the context of the Linux kernel, this could compromise system stability and security.

Mitigation Strategies

The vulnerability is fixed in the Linux kernel by correcting the double free error in the reset_add_gpio_aux_device() function. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

  • Check your current kernel version using: uname -r
  • Update the Linux kernel to the latest stable release provided by your distribution or from the official Linux kernel sources.
  • Reboot your system to load the updated kernel.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31745. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart