Description
In the Linux kernel, the following vulnerability has been resolved:

nvdimm/bus: Fix potential use after free in asynchronous initialization

Dingisoul with KASAN reports a use after free if device_add() fails in
nd_async_device_register().

Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while
scheduling async init") correctly added a reference on the parent device
to be held until asynchronous initialization was complete. However, if
device_add() results in an allocation failure the ref count of the
device drops to 0 prior to the parent pointer being accessed. Thus
resulting in use after free.

The bug bot AI correctly identified the fix. Save a reference to the
parent pointer to be used to drop the parent reference regardless of the
outcome of device_add().
Published: 2026-04-03
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel allows a use-after-free violation during asynchronous initialization of a non-volatile memory device. When device_add() fails, the parent device reference is dropped too early, leaving a dangling pointer that can be dereferenced by the kernel. This leads to kernel instability or crashes. The issue is classified as a high severity problem with a CVSS score of 7.8.

Affected Systems

The vulnerability affects all Linux kernel installations that include the nvdimm/bus subsystem and use asynchronous device registration. While no specific kernel version range is listed in the data, any kernel incorporating the nvdimm/bus path prior to the applied fix is potentially exposed.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity level. Exploitation would require influencing the creation of an NVDIMM device whose addition fails, meaning the attack surface is likely local or privileged. With an EPSS score of less than 1% and no listing in the CISA KEV catalog, widespread exploitation is presently unlikely, but the use-after-free nature warrants prompt remediation.

Generated by OpenCVE AI on May 20, 2026 at 16:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes commit b6eae0f61db2 in libnvdimm (or later) which holds a reference on the parent during async initialization.
  • Reboot or reload the affected subsystem to ensure that the patch takes effect, and monitor for any NVDIMM-related crashes.
  • If updating the kernel is not immediately possible, manually apply the commit to the libnvdimm source, rebuild the kernel, and install the patched kernel, or disable the nvdimm subsystem by removing the module to mitigate the risk until a release containing the fix is available.

Generated by OpenCVE AI on May 20, 2026 at 16:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6238-1 linux security update
Debian DSA Debian DSA DSA-6243-1 linux security update
History

Wed, 20 May 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Sat, 18 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
References

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Sat, 04 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References
Metrics threat_severity

None

 cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if device_add() fails in nd_async_device_register(). Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while scheduling async init") correctly added a reference on the parent device to be held until asynchronous initialization was complete. However, if device_add() results in an allocation failure the ref count of the device drops to 0 prior to the parent pointer being accessed. Thus resulting in use after free. The bug bot AI correctly identified the fix. Save a reference to the parent pointer to be used to drop the parent reference regardless of the outcome of device_add().
Title nvdimm/bus: Fix potential use after free in asynchronous initialization
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:07:56.818Z

Reserved: 2026-03-09T15:48:24.085Z

Link: CVE-2026-31399

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-03T16:16:38.410

Modified: 2026-05-20T12:54:51.920

Link: CVE-2026-31399

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-31399 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T16:30:14Z

Weaknesses