CVE-2026-31745 - Vulnerability Details

- reset: gpio: fix double free in reset_add_gpio_aux_device() error path

Description

In the Linux kernel, the following vulnerability has been resolved:

reset: gpio: fix double free in reset_add_gpio_aux_device() error path

When __auxiliary_device_add() fails, reset_add_gpio_aux_device()
calls auxiliary_device_uninit(adev).

The device release callback reset_gpio_aux_device_release() frees
adev, but the current error path then calls kfree(adev) again,
causing a double free.

Keep kfree(adev) for the auxiliary_device_init() failure path, but
avoid freeing adev after auxiliary_device_uninit().

Published: 2026-05-01

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a double free bug triggered when adding a GPIO auxiliary device in the Linux kernel reset subsystem. When the auxiliary device add routine fails, the error path frees the device structure twice—once during uninitialization and again directly. This misuse of memory can corrupt the heap, potentially leading to system instability. The flaw corresponds to CWE-1341 and CWE-415.

Affected Systems

The affected products are Linux kernel builds that contain the reset subsystem’s GPIO auxiliary device code before the fix was applied. This includes all current mainline Linux kernel releases up to and including the 7.0 release candidates, as indicated by the CPE strings. System administrators should verify whether their kernel version implements the commit that removes the double free.

Risk and Exploitability

The CVSS score of 7.8 indicates moderate to high severity, while the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Exploitation would require the attacker to trigger the error path in reset_add_gpio_aux_device, which typically means privileged access or a local exploitation path; remote exploitation is not directly inferred from the description.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`5fc4e4cf7a2268b5f73700fd1e8d02159f2417d8`	affected	< 1de465753220deb41569cf2add87bbb0673731db
`5fc4e4cf7a2268b5f73700fd1e8d02159f2417d8`	affected	< fbffb8c7c7bb4d38e9f65e0bee446685011de5d8

Linux

affected

Version	Status	Constraints
`6.19`	affected	—
`0`	unaffected	< 6.19
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5fc4e4cf7a2268b5f73700fd1e8d02159f2417d8,1de465753220deb41569cf2add87bbb0673731db)`	affected	code_commit	—
`[5fc4e4cf7a2268b5f73700fd1e8d02159f2417d8,fbffb8c7c7bb4d38e9f65e0bee446685011de5d8)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.19`	affected	generic	—
`[0,6.19)`	unaffected	generic	—
`[6.19.12,6.20.0)`	unaffected	generic	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the commit which removes the double free in reset_add_gpio_aux_device
If an upgrade is not currently possible, apply the patch from the kernel commit that fixes the error path by editing the source files directly
Consider disabling reset.gpio auxiliary device support in the kernel configuration to reduce the attack surface

Generated by OpenCVE AI on May 7, 2026 at 21:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1de465753220deb41569cf2add87bbb0673731db
https://git.kernel.org/stable/c/fbffb8c7c7bb4d38e9f65e0bee446685011de5d8
https://lore.kernel.org/linux-cve-announce/2026050141-CVE-2026-31745-566d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31745
https://www.cve.org/CVERecord?id=CVE-2026-31745

History

Thu, 07 May 2026 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-415
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Sat, 02 May 2026 10:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-416

Sat, 02 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1341
References		https://lore.kernel.org/linux-cve-announce/2026050141-CVE-2026-31745-566d@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31745 https://www.cve.org/CVERecord?id=CVE-2026-31745

Fri, 01 May 2026 23:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Fri, 01 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: reset: gpio: fix double free in reset_add_gpio_aux_device() error path When __auxiliary_device_add() fails, reset_add_gpio_aux_device() calls auxiliary_device_uninit(adev). The device release callback reset_gpio_aux_device_release() frees adev, but the current error path then calls kfree(adev) again, causing a double free. Keep kfree(adev) for the auxiliary_device_init() failure path, but avoid freeing adev after auxiliary_device_uninit().
Title		reset: gpio: fix double free in reset_add_gpio_aux_device() error path
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1de465753220deb41569cf2add87bbb0673731db https://git.kernel.org/stable/c/fbffb8c7c7bb4d38e9f65e0bee446685011de5d8

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-01T14:14:39.529Z

Updated: 2026-05-11T22:14:56.434Z

Reserved: 2026-03-09T15:48:24.138Z

Link: CVE-2026-31745

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-01T15:16:37.260

Modified: 2026-05-07T19:31:28.120

Link: CVE-2026-31745

Redhat

Severity :

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31745 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-07T22:00:12Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object