CVE-2026-31745

EUVD-2026-26558

01.05.2026, 15:16

In the Linux kernel, the following vulnerability has been resolved:

reset: gpio: fix double free in reset_add_gpio_aux_device() error path

When __auxiliary_device_add() fails, reset_add_gpio_aux_device()
calls auxiliary_device_uninit(adev).

The device release callback reset_gpio_aux_device_release() frees
adev, but the current error path then calls kfree(adev) again,
causing a double free.

Keep kfree(adev) for the auxiliary_device_init() failure path, but
avoid freeing adev after auxiliary_device_uninit().

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.159-1 fixed
bookworm (security)	6.1.164-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.251-3 fixed
forky	6.19.14-1 fixed
sid	7.0.3-1 fixed
trixie	6.12.73-1 fixed
trixie (security)	6.12.85-1 fixed

References

https://git.kernel.org/stable/c/1de465753220deb41569cf2add87bbb0673731db

https://git.kernel.org/stable/c/fbffb8c7c7bb4d38e9f65e0bee446685011de5d8