CVE-2026-31758
USBTMCRC Use-After-Free in Linux Kernel
Publication date: 2026-05-01
Last updated on: 2026-05-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's USB Test and Measurement Class (usbtmc) driver. It occurs because when the function usbtmc_release is called, any pending anchored USB Request Blocks (URBs) are not properly flushed or killed. This can lead to use-after-free errors, particularly in the Host Controller Driver (HCD) giveback path. The fix involves calling usbtmc_draw_down() to ensure that all anchored URBs are completed and properly handled before release.
How can this vulnerability impact me? :
The vulnerability can lead to use-after-free errors in the Linux kernel's USB subsystem. Such errors may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges if they can exploit the improper handling of USB requests.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the issue in the usbtmc driver has been resolved.
Specifically, the fix involves flushing or killing pending anchored URBs in the usbtmc_release function to prevent use-after-free errors.
Applying the latest kernel patches or upgrading to a kernel version released after 2026-05-01 will address this issue.