CVE-2026-31732

EUVD-2026-26545
In the Linux kernel, the following vulnerability has been resolved:

gpio: Fix resource leaks on errors in gpiochip_add_data_with_key()

Since commit aab5c6f20023 ("gpio: set device type for GPIO chips"),
`gdev->dev.release` is unset.  As a result, the reference count to
`gdev->dev` isn't dropped on the error handling paths.

Drop the reference on errors.

Also reorder the instructions to make the error handling simpler.
Now gpiochip_add_data_with_key() roughly looks like:

   >>> Some memory allocation.  Go to ERR ZONE 1 on errors.
   >>> device_initialize().

   gpiodev_release() takes over the responsibility for freeing the
   resources of `gdev->dev`.  The subsequent error handling paths
   shouldn't go through ERR ZONE 1 again which leads to double free.

   >>> Some initialization mainly on `gdev`.
   >>> The rest of initialization.  Go to ERR ZONE 2 on errors.
   >>> Chip registration success and exit.

   >>> ERR ZONE 2.  gpio_device_put() and exit.
   >>> ERR ZONE 1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
fixed
bookworm (security)
6.1.164-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-3
fixed
forky
6.19.14-1
fixed
sid
7.0.3-1
fixed
trixie
vulnerable
trixie (security)
vulnerable
References
https://git.kernel.org/stable/c/16fdabe143fce2cbf89139677728e17e21b46c28
https://git.kernel.org/stable/c/f0cf9c7b7c281956cc0dec163132cd96f76e1d60
https://git.kernel.org/stable/c/fb4584d2b324c522404c733c65840a1a6519ada8