CVE-2026-31389 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: fix use-after-free on controller registration failure

Make sure to deregister from driver core also in the unlikely event that
per-cpu statistics allocation fails during controller registration to
avoid use-after-free (of driver resources) and unclocked register
accesses.

Published: 2026-04-03

Score: 4.7 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A use‑after‑free condition was identified in the Linux kernel’s SPI controller registration path. When per‑CPU statistics allocation fails during controller setup, the driver core deregistration was omitted, leaving driver resources dangling. If these resources are later accessed, the kernel may perform unclocked register operations on freed memory, resulting in memory corruption that can be leveraged to gain higher privileges or crash the system.

Affected Systems

All Linux kernel releases that contain the affected SPI controller code are impacted. The CNA lists the generic vendor product ‘Linux:Linux’ twice and no specific version range is provided, implying that the flaw exists across the default kernel branches at the time of the fix. Users should check the release notes for the kernel version they run to confirm whether the patch has been applied.

Risk and Exploitability

Use‑after‑free vulnerabilities in kernel code are traditionally high‑impact. Although the EPSS score is not available and the issue is not listed in CISA’s KEV catalog, the nature of the flaw (freeing driver resources before completing registration) makes it exploitable by a local attacker with capabilities to load or manipulate SPI drivers. Successful exploitation could lead to arbitrary code execution with kernel privileges or a denial‑of‑service attack that destabilizes the system.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`6598b91b5ac32bc756d7c3000a31f775d4ead1c4`	affected	< 0e23f50086da7d0b183dfeac26021acfcdee086b
`6598b91b5ac32bc756d7c3000a31f775d4ead1c4`	affected	< 6bbd385b30c7fb6c7ee0669e9ada91490938c051
`6598b91b5ac32bc756d7c3000a31f775d4ead1c4`	affected	< afe27c1f43aa57530011f419be6ddf71306565d2
`6598b91b5ac32bc756d7c3000a31f775d4ead1c4`	affected	< 80f3e8cd2b4ad355b2ad2024cf423f6d183404f7
`6598b91b5ac32bc756d7c3000a31f775d4ead1c4`	affected	< 23b51bad2eb8787aa74324cfccefb258515ae5ba
`6598b91b5ac32bc756d7c3000a31f775d4ead1c4`	affected	< 8634e05b08ead636e926022f4a98416e13440df9

Linux

affected

Version	Status	Constraints
`6.0`	affected	—
`0`	unaffected	< 6.0
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.78`	unaffected	≤ 6.12.*
`6.18.20`	unaffected	≤ 6.18.*
`6.19.10`	unaffected	≤ 6.19.*
`7.0-rc5`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6598b91b5ac32bc756d7c3000a31f775d4ead1c4,0e23f50086da7d0b183dfeac26021acfcdee086b)`	affected	code_commit	—
`[6598b91b5ac32bc756d7c3000a31f775d4ead1c4,6bbd385b30c7fb6c7ee0669e9ada91490938c051)`	affected	code_commit	—
`[6598b91b5ac32bc756d7c3000a31f775d4ead1c4,afe27c1f43aa57530011f419be6ddf71306565d2)`	affected	code_commit	—
`[6598b91b5ac32bc756d7c3000a31f775d4ead1c4,80f3e8cd2b4ad355b2ad2024cf423f6d183404f7)`	affected	code_commit	—
`[6598b91b5ac32bc756d7c3000a31f775d4ead1c4,23b51bad2eb8787aa74324cfccefb258515ae5ba)`	affected	code_commit	—
`[6598b91b5ac32bc756d7c3000a31f775d4ead1c4,8634e05b08ead636e926022f4a98416e13440df9)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.0`	affected	semver	—
`[0,6.0)`	unaffected	generic	—
`[6.1.167,6.1.*]`	unaffected	generic	—
`[6.6.130,6.6.*]`	unaffected	generic	—
`[6.12.78,6.12.*]`	unaffected	generic	—
`[6.18.20,6.18.*]`	unaffected	generic	—
`[6.19.10,6.19.*]`	unaffected	generic	—
`[7.0-rc5,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the kernel version you are running and verify that it includes the commit that fixes the use‑after‑free in the SPI controller subsystem.
Upgrade the kernel to a release that incorporates the patch, such as the latest stable or long‑term support branch from your distribution.
After updating, reboot the system to ensure the new kernel image is in use.
If your environment requires immediate protection and an update cannot be applied, monitor for any known exploits targeting this flaw and apply any vendor‑issued workarounds if available; otherwise, restrict local module loading privileges until an update is applied.

Generated by OpenCVE AI on April 3, 2026 at 18:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0e23f50086da7d0b183dfeac26021acfcdee086b
https://git.kernel.org/stable/c/23b51bad2eb8787aa74324cfccefb258515ae5ba
https://git.kernel.org/stable/c/6bbd385b30c7fb6c7ee0669e9ada91490938c051
https://git.kernel.org/stable/c/80f3e8cd2b4ad355b2ad2024cf423f6d183404f7
https://git.kernel.org/stable/c/8634e05b08ead636e926022f4a98416e13440df9
https://git.kernel.org/stable/c/afe27c1f43aa57530011f419be6ddf71306565d2
https://lore.kernel.org/linux-cve-announce/2026040324-CVE-2026-31389-036b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31389
https://www.cve.org/CVERecord?id=CVE-2026-31389

History

Sat, 04 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-825
References		https://lore.kernel.org/linux-cve-announce/2026040324-CVE-2026-31389-036b@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31389 https://www.cve.org/CVERecord?id=CVE-2026-31389
Metrics	threat_severity `None`	cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 03 Apr 2026 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Fri, 03 Apr 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free (of driver resources) and unclocked register accesses.
Title		spi: fix use-after-free on controller registration failure
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0e23f50086da7d0b183dfeac26021acfcdee086b https://git.kernel.org/stable/c/23b51bad2eb8787aa74324cfccefb258515ae5ba https://git.kernel.org/stable/c/6bbd385b30c7fb6c7ee0669e9ada91490938c051 https://git.kernel.org/stable/c/80f3e8cd2b4ad355b2ad2024cf423f6d183404f7 https://git.kernel.org/stable/c/8634e05b08ead636e926022f4a98416e13440df9 https://git.kernel.org/stable/c/afe27c1f43aa57530011f419be6ddf71306565d2

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-03T15:15:55.068Z

Updated: 2026-04-03T15:15:55.068Z

Reserved: 2026-03-09T15:48:24.084Z

Link: CVE-2026-31389

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-03T16:16:36.823

Modified: 2026-04-03T16:16:36.823

Link: CVE-2026-31389

Redhat

Severity : Moderate

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-31389 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-03T21:15:38Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object