CVE-2026-31672

EUVD-2026-25565
In the Linux kernel, the following vulnerability has been resolved:

wifi: rt2x00usb: fix devres lifetime

USB drivers bind to USB interfaces and any device managed resources
should have their lifetime tied to the interface rather than parent USB
device. This avoids issues like memory leaks when drivers are unbound
without their devices being physically disconnected (e.g. on probe
deferral or configuration changes).

Fix the USB anchor lifetime so that it is released on driver unbind.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
4.7.1 ≤
𝑥
< 5.10.253
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.203
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.169
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.135
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.82
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.23
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.13
linuxlinux_kernel
4.7
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
linuxlinux_kernel
7.0:rc5
linuxlinux_kernel
7.0:rc6
linuxlinux_kernel
7.0:rc7
𝑥
= Vulnerable software versions
Azure Linux logo
Azure Linux Releases
Azure Package
Release
kernel
Azure Linux 3.0
0:6.6.137.1-1.azl3
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/15b233e33b35b927bd8d0044c15325564ea1ba24
https://git.kernel.org/stable/c/1de5c76bf40e9cdeebf54662f63011fb10fa452f
https://git.kernel.org/stable/c/25369b22223d1c56e42a0cd4ac9137349d5a898e
https://git.kernel.org/stable/c/64a457f6afbf15f984d95201a9a1e71eed3f9dd1
https://git.kernel.org/stable/c/65518a6965d527c53013947031f26754f6a4f6af
https://git.kernel.org/stable/c/b245db719bc7e57abf48bd5701662b270c3880f7
https://git.kernel.org/stable/c/c99f198841b41735796e2ddfcd573783fb552eb9
https://git.kernel.org/stable/c/e360d15fcb1e819eef49e3d4434d8050542eed16