nvdimm/bus: Fix potential use after free in asynchronous initialization

Summary

CVE: CVE-2026-31399
State: PUBLISHED
Assigner: Linux
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2026-04-03 16:16:38 UTC
Updated: 2026-04-03 16:16:38 UTC
Description: In the Linux kernel, the following vulnerability has been resolved:

nvdimm/bus: Fix potential use after free in asynchronous initialization

Dingisoul with KASAN reports a use after free if device_add() fails in nd_async_device_register().

Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while scheduling async init") correctly added a reference on the parent device to be held until asynchronous initialization was complete. However, if device_add() results in an allocation failure the ref count of the device drops to 0 prior to the parent pointer being accessed. Thus resulting in use after free.

The bug bot AI correctly identified the fix. Save a reference to the parent pointer to be used to drop the parent reference regardless of the outcome of device_add().
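The ordering problem in the description, as an added userspace model in C; it is not the kernel's code and not taken from the fix commit. `struct mdev`, `mget`, `mput`, `madd`, `mparent`, `async_register_buggy`, `async_register_fixed` and `run_case` are hypothetical names. The model assumes each object starts with one reference and one more is taken on child and parent before the async work runs, and it flags released objects instead of freeing them so the stale read can be counted.

```c
#include <stdio.h>
/* Constructed userspace model: objects are flagged, never freed, so a
 * stale access is counted instead of being undefined behaviour. */
struct mdev { int refs; int live; struct mdev *parent; };
static int stale_reads;   /* loads of ->parent from a released object */
static void mget(struct mdev *d) { d->refs++; }
static void mput(struct mdev *d) { if (--d->refs == 0) d->live = 0; }
/* Hypothetical stand-in for device_add(); nonzero means it failed. */
static int madd(struct mdev *d, int fail) { (void)d; return fail ? -1 : 0; }
/* Checked accessor standing in for a raw dev->parent load. */
static struct mdev *mparent(struct mdev *d) {
    if (!d->live) { stale_reads++; return NULL; }
    return d->parent;
}

/* Ordering the description reports: parent is read after the last put. */
static void async_register_buggy(struct mdev *d, int fail) {
    struct mdev *p;
    if (madd(d, fail) != 0) mput(d);  /* failure drops the initial ref */
    mput(d);                          /* async ref; hits 0 on failure */
    p = mparent(d);                   /* stale when madd() failed */
    if (p) mput(p);
}

/* Ordering the description gives as the fix: save the parent first. */
static void async_register_fixed(struct mdev *d, int fail) {
    struct mdev *p = mparent(d);      /* child is still referenced here */
    if (madd(d, fail) != 0) mput(d);
    mput(d);
    if (p) mput(p);                   /* dropped whatever madd() returned */
}

/* Returns the stale-read count; stores the parent's final refcount. */
int run_case(int fixed, int fail, int *parent_refs) {
    struct mdev parent = { 1, 1, NULL }, child = { 1, 1, &parent };
    stale_reads = 0;
    mget(&parent); mget(&child);      /* refs held for the async work */
    (fixed ? async_register_fixed : async_register_buggy)(&child, fail);
    *parent_refs = parent.refs;
    return stale_reads;
}

int main(void) {
    for (int i = 0; i < 4; i++) {
        int refs, stale = run_case(i / 2, i % 2, &refs);
        printf("fixed=%d fail=%d stale=%d parent_refs=%d\n", i / 2, i % 2, stale, refs);
    }
    return 0;
}
```

In the model the stale read only leaves the parent's count one too high; in the kernel the same load reads freed memory, which is what KASAN reported.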

Vendor Declared Affected Products

| Source | Vendor | Product | Version | Platforms |
| --- | --- | --- | --- | --- |
| CNA | Linux | Linux | affected b6eae0f61db27748606cc00dafcfd1e2c032f0a5 9a0fb16ba5b372465a3a1ecd761c6fa911a4ab4d git | Not specified |
| CNA | Linux | Linux | affected b6eae0f61db27748606cc00dafcfd1e2c032f0a5 e48bf8f1d2b12c1c5ba1f609edbd4cde5dadc20e git | Not specified |
| CNA | Linux | Linux | affected b6eae0f61db27748606cc00dafcfd1e2c032f0a5 2c638259ad750833fd46a0cf57672a618542d84c git | Not specified |
| CNA | Linux | Linux | affected b6eae0f61db27748606cc00dafcfd1e2c032f0a5 a226e5b49e5fe8c98b14f8507de670189d191348 git | Not specified |
| CNA | Linux | Linux | affected b6eae0f61db27748606cc00dafcfd1e2c032f0a5 84af19855d1abdee3c9d57c0684e2868e391793c git | Not specified |
| CNA | Linux | Linux | affected b6eae0f61db27748606cc00dafcfd1e2c032f0a5 a8aec14230322ed8f1e8042b6d656c1631d41163 git | Not specified |
| CNA | Linux | Linux | affected 8954771abdea5c34280870e35592c7226a816d95 git | Not specified |
| CNA | Linux | Linux | affected 3e63a7f25cc85d3d3e174b9b0e3489ebb7eaf4ab git | Not specified |
| CNA | Linux | Linux | affected 1490de2bb0836fc0631c04d0559fdf81545b672f git | Not specified |
| CNA | Linux | Linux | affected e31a8418c8df7e6771414f99ed3d95ba8aca4e05 git | Not specified |
| CNA | Linux | Linux | affected 4f1a55a4f990016406147cf3e0c9487bf83e50f0 git | Not specified |
| CNA | Linux | Linux | affected 4.20 | Not specified |
| CNA | Linux | Linux | unaffected 4.20 semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.167 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.130 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.78 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.20 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.10 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0-rc5 * original_commit_for_fix | Not specified |

References

| Reference | Source | Link | Tags |
| --- | --- | --- | --- |
| git.kernel.org/stable/c/a8aec14230322ed8f1e8042b6d656c1631d41163 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/2c638259ad750833fd46a0cf57672a618542d84c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/a226e5b49e5fe8c98b14f8507de670189d191348 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/84af19855d1abdee3c9d57c0684e2868e391793c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/9a0fb16ba5b372465a3a1ecd761c6fa911a4ab4d | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/e48bf8f1d2b12c1c5ba1f609edbd4cde5dadc20e | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |