Description
In the Linux kernel, the following vulnerability has been resolved:

reset: gpio: fix double free in reset_add_gpio_aux_device() error path

When __auxiliary_device_add() fails, reset_add_gpio_aux_device()
calls auxiliary_device_uninit(adev).

The device release callback reset_gpio_aux_device_release() frees
adev, but the current error path then calls kfree(adev) again,
causing a double free.

Keep kfree(adev) for the auxiliary_device_init() failure path, but
avoid freeing adev after auxiliary_device_uninit().
Published: 2026-05-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a double free bug triggered when adding a GPIO auxiliary device in the Linux kernel reset subsystem. When the auxiliary device add routine fails, the error path frees the device structure twice—once during uninitialization and again directly. This misuse of memory can corrupt the heap, potentially allowing an attacker with sufficient privileges to execute arbitrary code or cause a system crash. The flaw corresponds to CWE-416, Use After Free.

Affected Systems

All Linux kernel implementations are affected, as the fix was made in the core reset driver and is not limited to specific vendor patches. No version range is listed, so any kernel snapshot before the patch that includes this bug should be considered vulnerable.

Risk and Exploitability

The fix occurs in the kernel, so exploitation would require local or elevated access to the kernel, making the attack vector restricted to local users or privileged attackers. With no EPSS data and no listing in CISA KEV, the exploitation probability appears low to moderate, yet the potential impact warrants prompt remediation.

Generated by OpenCVE AI on May 2, 2026 at 10:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the commit introducing the double‑free fix
  • If immediate upgrade is not possible, patch the relevant source files using the diff from the referenced commit references
  • Disable unnecessary reset.gpio auxiliary device support in kernel configuration to reduce the attack surface

Generated by OpenCVE AI on May 2, 2026 at 10:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 10:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1341
References

Fri, 01 May 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: reset: gpio: fix double free in reset_add_gpio_aux_device() error path When __auxiliary_device_add() fails, reset_add_gpio_aux_device() calls auxiliary_device_uninit(adev). The device release callback reset_gpio_aux_device_release() frees adev, but the current error path then calls kfree(adev) again, causing a double free. Keep kfree(adev) for the auxiliary_device_init() failure path, but avoid freeing adev after auxiliary_device_uninit().
Title reset: gpio: fix double free in reset_add_gpio_aux_device() error path
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T14:14:39.529Z

Reserved: 2026-03-09T15:48:24.138Z

Link: CVE-2026-31745

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:37.260

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31745

cve-icon Redhat

Severity :

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31745 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T10:30:40Z

Weaknesses