CVE-2026-31745
Analyzed Analyzed - Analysis Complete
Double Free in Linux Kernel GPIO Reset Driver

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: reset: gpio: fix double free in reset_add_gpio_aux_device() error path When __auxiliary_device_add() fails, reset_add_gpio_aux_device() calls auxiliary_device_uninit(adev). The device release callback reset_gpio_aux_device_release() frees adev, but the current error path then calls kfree(adev) again, causing a double free. Keep kfree(adev) for the auxiliary_device_init() failure path, but avoid freeing adev after auxiliary_device_uninit().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31745
EUVD
EUVD-2026-26558
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-415 The product calls free() twice on the same memory address.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a double free bug in the Linux kernel's reset subsystem related to GPIO auxiliary devices. Specifically, when the function __auxiliary_device_add() fails, the error handling path in reset_add_gpio_aux_device() calls auxiliary_device_uninit(), which triggers the device release callback reset_gpio_aux_device_release() to free the auxiliary device structure (adev). However, after this callback, the error path attempts to free the same structure again using kfree(adev), causing a double free.

The fix involves keeping the kfree(adev) call only for the failure path of auxiliary_device_init(), and avoiding freeing adev after auxiliary_device_uninit() to prevent the double free.

Impact Analysis

A double free vulnerability can lead to undefined behavior such as memory corruption, system crashes, or potential exploitation by attackers to execute arbitrary code or escalate privileges. In the context of the Linux kernel, this could compromise system stability and security.

Mitigation Strategies

The vulnerability is fixed in the Linux kernel by correcting the double free error in the reset_add_gpio_aux_device() function. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

  • Check your current kernel version using: uname -r
  • Update the Linux kernel to the latest stable release provided by your distribution or from the official Linux kernel sources.
  • Reboot your system to load the updated kernel.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31745. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart