CVE-2026-31689

EUVD-2026-25886

27.04.2026, 18:16

In the Linux kernel, the following vulnerability has been resolved:

EDAC/mc: Fix error path ordering in edac_mc_alloc()

When the mci->pvt_info allocation in edac_mc_alloc() fails, the error path
will call put_device() which will end up calling the device's release
function.

However, the init ordering is wrong such that device_initialize() happens
*after* the failed allocation and thus the device itself and the release
function pointer are not initialized yet when they're called:

  MCE: In-kernel MCE decoding enabled.
  ------------[ cut here ]------------
  kobject: '(null)': is not initialized, yet kobject_put() is being called.
  WARNING: lib/kobject.c:734 at kobject_put, CPU#22: systemd-udevd
  CPU: 22 UID: 0 PID: 538 Comm: systemd-udevd Not tainted 7.0.0-rc1+ #2 PREEMPT(full)
  RIP: 0010:kobject_put
  Call Trace:
   <TASK>
   edac_mc_alloc+0xbe/0xe0 [edac_core]
   amd64_edac_init+0x7a4/0xff0 [amd64_edac]
   ? __pfx_amd64_edac_init+0x10/0x10 [amd64_edac]
   do_one_initcall
   ...

Reorder the calling sequence so that the device is initialized and thus the
release function pointer is properly set before it can be used.

This was found by Claude while reviewing another EDAC patch.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	5.19 ≤ 𝑥 < 6.1.169
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.135
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.82
linux	linux_kernel	6.13 ≤ 𝑥 < 6.18.23
linux	linux_kernel	6.19 ≤ 𝑥 < 6.19.13
linux	linux_kernel	7.0:rc1
linux	linux_kernel	7.0:rc2
linux	linux_kernel	7.0:rc3
linux	linux_kernel	7.0:rc4
linux	linux_kernel	7.0:rc5
linux	linux_kernel	7.0:rc6
linux	linux_kernel	7.0:rc7

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.174-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.257-1 fixed
forky	7.0.10-1 fixed
sid	7.0.12-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.90-2 fixed

linux-6.1

bullseye (security)

6.1.174-1~deb11u1

fixed

Amazon Linux Releases

Amazon Package

Release

bpftool

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

bpftool-debuginfo

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

bpftool6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

bpftool6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

bpftool6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

bpftool6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

kernel-debuginfo

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

kernel-debuginfo-common-aarch64

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

kernel-debuginfo-common-x86_64

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

kernel-devel

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

kernel-headers

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

kernel-livepatch-6.1.170-210.320

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel-livepatch-6.12.83-113.160

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel-livepatch-6.18.25-55.108

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel-modules-extra

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

kernel-modules-extra-common

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

kernel-tools

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

kernel-tools-debuginfo

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

kernel-tools-devel

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

kernel6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-debuginfo-common-aarch64

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-debuginfo-common-x86_64

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-devel

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-headers

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-modules-extra

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-modules-extra-common

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-tools

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-tools-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-tools-devel

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-debuginfo-common-aarch64

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-debuginfo-common-x86_64

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-devel

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-headers

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-modules-extra

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-modules-extra-common

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-tools

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-tools-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-tools-devel

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

perf

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

perf-debuginfo

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

perf6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

perf6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

perf6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

perf6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

python3-perf

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

python3-perf-debuginfo

Amazon Linux 2023

1:6.1.170-210.320.amzn2023

fixed

python3-perf6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

python3-perf6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

python3-perf6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

python3-perf6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

Azure Linux Releases

Azure Package

Release

kernel

Azure Linux 3.0

0:6.6.137.1-1.azl3

fixed

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://git.kernel.org/stable/c/51520e03e70d6c73e33ee7cbe0319767d05764fe

https://git.kernel.org/stable/c/75825648ce984ca4cebb28e4bd2bf8c3a7e837c5

https://git.kernel.org/stable/c/87ce8ae511962e105bcb3534944208c6a9471ed9

https://git.kernel.org/stable/c/aae95970fad2127a1bd49d8713c7cd0677dcd2d6

https://git.kernel.org/stable/c/d20e98c2df9354cc744431ad8ccbf49405b8b40f

https://git.kernel.org/stable/c/d3de72e2a2b9ee3a57734c1c068823e41a707715