{"api_version":"1","generated_at":"2026-04-25T18:58:56+00:00","cve":"CVE-2026-31672","urls":{"html":"https://cve.report/CVE-2026-31672","api":"https://cve.report/api/cve/CVE-2026-31672.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-31672","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-31672"},"summary":{"title":"wifi: rt2x00usb: fix devres lifetime","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00usb: fix devres lifetime\n\nUSB drivers bind to USB interfaces and any device managed resources\nshould have their lifetime tied to the interface rather than parent USB\ndevice. This avoids issues like memory leaks when drivers are unbound\nwithout their devices being physically disconnected (e.g. on probe\ndeferral or configuration changes).\n\nFix the USB anchor lifetime so that it is released on driver unbind.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-04-24 15:16:47","updated_at":"2026-04-24 17:51:40"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/e360d15fcb1e819eef49e3d4434d8050542eed16","name":"https://git.kernel.org/stable/c/e360d15fcb1e819eef49e3d4434d8050542eed16","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/b245db719bc7e57abf48bd5701662b270c3880f7","name":"https://git.kernel.org/stable/c/b245db719bc7e57abf48bd5701662b270c3880f7","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/15b233e33b35b927bd8d0044c15325564ea1ba24","name":"https://git.kernel.org/stable/c/15b233e33b35b927bd8d0044c15325564ea1ba24","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/25369b22223d1c56e42a0cd4ac9137349d5a898e","name":"https://git.kernel.org/stable/c/25369b22223d1c56e42a0cd4ac9137349d5a898e","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/64a457f6afbf15f984d95201a9a1e71eed3f9dd1","name":"https://git.kernel.org/stable/c/64a457f6afbf15f984d95201a9a1e71eed3f9dd1","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/c99f198841b41735796e2ddfcd573783fb552eb9","name":"https://git.kernel.org/stable/c/c99f198841b41735796e2ddfcd573783fb552eb9","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/65518a6965d527c53013947031f26754f6a4f6af","name":"https://git.kernel.org/stable/c/65518a6965d527c53013947031f26754f6a4f6af","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/1de5c76bf40e9cdeebf54662f63011fb10fa452f","name":"https://git.kernel.org/stable/c/1de5c76bf40e9cdeebf54662f63011fb10fa452f","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-31672","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31672","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8b4c0009313f3d42e2540e3e1f776097dd0db73d 64a457f6afbf15f984d95201a9a1e71eed3f9dd1 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8b4c0009313f3d42e2540e3e1f776097dd0db73d 65518a6965d527c53013947031f26754f6a4f6af git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8b4c0009313f3d42e2540e3e1f776097dd0db73d 15b233e33b35b927bd8d0044c15325564ea1ba24 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8b4c0009313f3d42e2540e3e1f776097dd0db73d 1de5c76bf40e9cdeebf54662f63011fb10fa452f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8b4c0009313f3d42e2540e3e1f776097dd0db73d b245db719bc7e57abf48bd5701662b270c3880f7 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8b4c0009313f3d42e2540e3e1f776097dd0db73d e360d15fcb1e819eef49e3d4434d8050542eed16 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8b4c0009313f3d42e2540e3e1f776097dd0db73d c99f198841b41735796e2ddfcd573783fb552eb9 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8b4c0009313f3d42e2540e3e1f776097dd0db73d 25369b22223d1c56e42a0cd4ac9137349d5a898e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.7","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 4.7 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.253 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.203 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.169 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.135 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.82 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.23 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.13 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/net/wireless/ralink/rt2x00/rt2x00usb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"64a457f6afbf15f984d95201a9a1e71eed3f9dd1","status":"affected","version":"8b4c0009313f3d42e2540e3e1f776097dd0db73d","versionType":"git"},{"lessThan":"65518a6965d527c53013947031f26754f6a4f6af","status":"affected","version":"8b4c0009313f3d42e2540e3e1f776097dd0db73d","versionType":"git"},{"lessThan":"15b233e33b35b927bd8d0044c15325564ea1ba24","status":"affected","version":"8b4c0009313f3d42e2540e3e1f776097dd0db73d","versionType":"git"},{"lessThan":"1de5c76bf40e9cdeebf54662f63011fb10fa452f","status":"affected","version":"8b4c0009313f3d42e2540e3e1f776097dd0db73d","versionType":"git"},{"lessThan":"b245db719bc7e57abf48bd5701662b270c3880f7","status":"affected","version":"8b4c0009313f3d42e2540e3e1f776097dd0db73d","versionType":"git"},{"lessThan":"e360d15fcb1e819eef49e3d4434d8050542eed16","status":"affected","version":"8b4c0009313f3d42e2540e3e1f776097dd0db73d","versionType":"git"},{"lessThan":"c99f198841b41735796e2ddfcd573783fb552eb9","status":"affected","version":"8b4c0009313f3d42e2540e3e1f776097dd0db73d","versionType":"git"},{"lessThan":"25369b22223d1c56e42a0cd4ac9137349d5a898e","status":"affected","version":"8b4c0009313f3d42e2540e3e1f776097dd0db73d","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/net/wireless/ralink/rt2x00/rt2x00usb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"4.7"},{"lessThan":"4.7","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.253","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.203","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.169","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.135","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.82","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.23","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.13","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.253","versionStartIncluding":"4.7","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.203","versionStartIncluding":"4.7","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.169","versionStartIncluding":"4.7","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.135","versionStartIncluding":"4.7","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.82","versionStartIncluding":"4.7","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.23","versionStartIncluding":"4.7","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.13","versionStartIncluding":"4.7","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"4.7","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00usb: fix devres lifetime\n\nUSB drivers bind to USB interfaces and any device managed resources\nshould have their lifetime tied to the interface rather than parent USB\ndevice. This avoids issues like memory leaks when drivers are unbound\nwithout their devices being physically disconnected (e.g. on probe\ndeferral or configuration changes).\n\nFix the USB anchor lifetime so that it is released on driver unbind."}],"providerMetadata":{"dateUpdated":"2026-04-24T14:45:19.725Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/64a457f6afbf15f984d95201a9a1e71eed3f9dd1"},{"url":"https://git.kernel.org/stable/c/65518a6965d527c53013947031f26754f6a4f6af"},{"url":"https://git.kernel.org/stable/c/15b233e33b35b927bd8d0044c15325564ea1ba24"},{"url":"https://git.kernel.org/stable/c/1de5c76bf40e9cdeebf54662f63011fb10fa452f"},{"url":"https://git.kernel.org/stable/c/b245db719bc7e57abf48bd5701662b270c3880f7"},{"url":"https://git.kernel.org/stable/c/e360d15fcb1e819eef49e3d4434d8050542eed16"},{"url":"https://git.kernel.org/stable/c/c99f198841b41735796e2ddfcd573783fb552eb9"},{"url":"https://git.kernel.org/stable/c/25369b22223d1c56e42a0cd4ac9137349d5a898e"}],"title":"wifi: rt2x00usb: fix devres lifetime","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-31672","datePublished":"2026-04-24T14:45:19.725Z","dateReserved":"2026-03-09T15:48:24.130Z","dateUpdated":"2026-04-24T14:45:19.725Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-24 15:16:47","lastModifiedDate":"2026-04-24 17:51:40","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"31672","Ordinal":"1","Title":"wifi: rt2x00usb: fix devres lifetime","CVE":"CVE-2026-31672","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"31672","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00usb: fix devres lifetime\n\nUSB drivers bind to USB interfaces and any device managed resources\nshould have their lifetime tied to the interface rather than parent USB\ndevice. This avoids issues like memory leaks when drivers are unbound\nwithout their devices being physically disconnected (e.g. on probe\ndeferral or configuration changes).\n\nFix the USB anchor lifetime so that it is released on driver unbind.","Type":"Description","Title":"wifi: rt2x00usb: fix devres lifetime"}]}}}