Description
In the Linux kernel, the following vulnerability has been resolved:

driver core: platform: use generic driver_override infrastructure

When a driver is probed through __driver_attach(), the bus' match()
callback is called without the device lock held, thus accessing the
driver_override field without a lock, which can cause a UAF.

Fix this by using the driver-core driver_override infrastructure taking
care of proper locking internally.

Note that calling match() from __driver_attach() without the device lock
held is intentional. [1]
Published: 2026-04-22
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Use‑After‑Free leading to potential arbitrary code execution
Action: Immediate Patch
AI Analysis

Impact

In the Linux kernel, the driver attachment routine can access the driver_override field without holding the necessary device lock, creating a use‑after‑free condition during the bus match callback. This flaw is a typical use‑after‑free (CWE‑413) that can corrupt memory or trigger unintended execution paths if the driver structure is freed while still being referenced.

Affected Systems

All Linux kernel releases that do not yet include the driver_override locking fix. The vulnerability affects platform drivers in the production kernel; the exact version range is not specified, so any system running a kernel prior to the patch is at risk.

Risk and Exploitability

The flaw can be exploited locally by triggering a device match during attachment, such as through a malicious device or automated device enumeration. The likely attack vector is local device interaction, allowing an attacker with physical or remote local access to induce the improper match(). The CVSS score of 7.8 indicates high severity, the EPSS score of < 1 % suggests a low exploitation probability at this time, and the vulnerability is not listed in CISA KEV. The lack of device lock protection during match() is the critical weakness, and an attacker with local access could use this to gain kernel privileges, making the risk moderate to high for exposed systems.

Generated by OpenCVE AI on April 28, 2026 at 23:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to the patched version that includes the driver_override locking fix.
  • If the upgrade cannot be applied immediately, stop or unload platform drivers that depend on driver_override until the patch is installed.
  • Enable kernel module signing, secure boot, or other module‑loading restrictions to limit untrusted driver loading as a temporary safeguard.

Generated by OpenCVE AI on April 28, 2026 at 23:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6238-1 linux security update
History

Tue, 28 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 23 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-413
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]
Title driver core: platform: use generic driver_override infrastructure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:10:31.339Z

Reserved: 2026-03-09T15:48:24.111Z

Link: CVE-2026-31527

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-22T14:16:52.903

Modified: 2026-04-28T18:02:17.463

Link: CVE-2026-31527

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31527 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T00:00:13Z

Weaknesses