Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: rt2x00usb: fix devres lifetime

USB drivers bind to USB interfaces and any device managed resources
should have their lifetime tied to the interface rather than parent USB
device. This avoids issues like memory leaks when drivers are unbound
without their devices being physically disconnected (e.g. on probe
deferral or configuration changes).

Fix the USB anchor lifetime so that it is released on driver unbind.
Published: 2026-04-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Leak
Action: Patch Kernel
AI Analysis

Impact

The rt2x00usb USB driver in the Linux kernel ties device-managed resources to the parent USB device instead of the USB interface, so memory remains allocated when the driver is unbound without the device being physically disconnected. Repeated unbinds, such as during probe deferral or configuration changes, lead to gradual memory exhaustion. The primary consequence is a local denial of service through memory depletion, and the weakness corresponds to CWE‑401 (Memory Management).

Affected Systems

The vulnerability affects Linux kernel systems that include the rt2x00usb driver. The known CPE set lists kernels from version 4.7 through the 7.0 release candidates. Any distribution or vendor whose kernel build includes this driver without the recent commit that fixes the devres lifetime is at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The issue is not listed in CISA’s KEV catalog. The likely attack vector is local manipulation of USB interfaces that triggers driver unbinding: an attacker with local or removable USB access could repeatedly load and unload the driver to exhaust memory and disrupt system stability. The flaw does not provide remote code execution or privilege escalation.

Generated by OpenCVE AI on April 28, 2026 at 20:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel release that contains the rt2x00usb devres lifetime fix.
  • If a kernel upgrade cannot be performed immediately, prevent the rt2x00usb driver from loading on vulnerable systems or unload it during times when USB devices are updated. Disabling automatic driver binding for relevant USB interfaces can also mitigate the issue.
  • Monitor memory usage for abnormal growth patterns associated with USB device unbinding, and schedule regular reboots or maintain scripts that restart affected services when memory thresholds are exceeded.

Advisories
Source      ID          Title
Debian DLA  DLA-4561-1  linux-6.1 security update
Debian DSA  DSA-6238-1  linux security update
Debian DSA  DSA-6243-1  linux security update

History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:4.7:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Sat, 25 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References
Metrics
  threat_severity: None
  cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
  threat_severity: Moderate


Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00usb: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers are unbound without their devices being physically disconnected (e.g. on probe deferral or configuration changes). Fix the USB anchor lifetime so that it is released on driver unbind.
Title wifi: rt2x00usb: fix devres lifetime
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:13:24.521Z

Reserved: 2026-03-09T15:48:24.130Z

Link: CVE-2026-31672

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-24T15:16:47.017

Modified: 2026-04-27T20:11:49.797

Link: CVE-2026-31672

Red Hat

Severity: Moderate

Public Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31672 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T20:15:26Z

Weaknesses