CVE-2026-31399

Source
https://cve.org/CVERecord?id=CVE-2026-31399
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31399.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31399
Downstream
Published
2026-04-03T15:16:03.246Z
Modified
2026-07-08T08:12:47.351193047Z
Summary
nvdimm/bus: Fix potential use after free in asynchronous initialization
Details

In the Linux kernel, the following vulnerability has been resolved:

nvdimm/bus: Fix potential use after free in asynchronous initialization

Dingisoul with KASAN reports a use after free if deviceadd() fails in ndasyncdeviceregister().

Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while scheduling async init") correctly added a reference on the parent device to be held until asynchronous initialization was complete. However, if device_add() results in an allocation failure the ref count of the device drops to 0 prior to the parent pointer being accessed. Thus resulting in use after free.

The bug bot AI correctly identified the fix. Save a reference to the parent pointer to be used to drop the parent reference regardless of the outcome of device_add().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31399.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b6eae0f61db27748606cc00dafcfd1e2c032f0a5
Fixed
6fc36c2a925ceaba203eb13d75a8f0879a2c121b
Fixed
a36cf138500e56f50db9f9a33222df6969b38326
Fixed
9a0fb16ba5b372465a3a1ecd761c6fa911a4ab4d
Fixed
e48bf8f1d2b12c1c5ba1f609edbd4cde5dadc20e
Fixed
2c638259ad750833fd46a0cf57672a618542d84c
Fixed
a226e5b49e5fe8c98b14f8507de670189d191348
Fixed
84af19855d1abdee3c9d57c0684e2868e391793c
Fixed
a8aec14230322ed8f1e8042b6d656c1631d41163
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8954771abdea5c34280870e35592c7226a816d95
Last affected
3e63a7f25cc85d3d3e174b9b0e3489ebb7eaf4ab
Last affected
1490de2bb0836fc0631c04d0559fdf81545b672f
Last affected
e31a8418c8df7e6771414f99ed3d95ba8aca4e05
Last affected
4f1a55a4f990016406147cf3e0c9487bf83e50f0
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4.4.164
Fixed
4.5
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4.9.137
Fixed
4.10
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4.14.81
Fixed
4.15
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4.18.19
Fixed
4.19
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4.19.2
Fixed
4.20

Affected versions

v2.*
v2.6.12-rc2
v2.6.12-rc3
v2.6.12-rc4
v2.6.13
v2.6.13-rc1
v2.6.13-rc2
v2.6.13-rc3
v2.6.13-rc4
v2.6.13-rc5
v2.6.13-rc6
v2.6.13-rc7
v2.6.14-rc1
v2.6.14-rc2
v2.6.14-rc3
v2.6.15-rc1
v2.6.15-rc2
v2.6.15-rc4
v2.6.15-rc5
v2.6.15-rc7
v2.6.16
v2.6.16-rc1
v2.6.16-rc2
v2.6.16-rc3
v2.6.16-rc4
v2.6.16-rc5
v2.6.16-rc6
v2.6.17
v2.6.17-rc1
v2.6.17-rc2
v2.6.17-rc3
v2.6.17-rc4
v2.6.17-rc5
v2.6.17-rc6
v2.6.18
v2.6.18-rc1
v2.6.18-rc2
v2.6.18-rc3
v2.6.18-rc5
v2.6.18-rc6
v2.6.19-rc1
v2.6.19-rc2
v2.6.20-rc1
v2.6.20-rc2
v2.6.20-rc3
v2.6.20-rc4
v2.6.20-rc5
v2.6.20-rc6
v2.6.20-rc7
v2.6.21
v2.6.21-rc1
v2.6.21-rc2
v2.6.21-rc3
v2.6.21-rc4
v2.6.21-rc5
v2.6.21-rc6
v2.6.21-rc7
v2.6.22
v2.6.22-rc1
v2.6.22-rc2
v2.6.22-rc3
v2.6.22-rc4
v2.6.22-rc5
v2.6.22-rc6
v2.6.22-rc7
v2.6.23
v2.6.23-rc1
v2.6.23-rc2
v2.6.23-rc3
v2.6.23-rc4
v2.6.23-rc5
v2.6.23-rc6
v2.6.23-rc7
v2.6.23-rc8
v2.6.23-rc9
v2.6.24
v2.6.24-rc1
v2.6.24-rc2
v2.6.24-rc3
v2.6.24-rc4
v2.6.24-rc5
v2.6.24-rc6
v2.6.24-rc7
v2.6.24-rc8
v2.6.25
v2.6.25-rc1
v2.6.25-rc2
v2.6.25-rc3
v2.6.25-rc4
v2.6.25-rc5
v2.6.25-rc6
v2.6.25-rc7
v2.6.25-rc8
v2.6.25-rc9
v2.6.26
v2.6.26-rc1
v2.6.26-rc2
v2.6.26-rc3
v2.6.26-rc4
v2.6.26-rc5
v2.6.26-rc6
v2.6.26-rc7
v2.6.26-rc8
v2.6.26-rc9
v2.6.27
v2.6.27-rc1
v2.6.27-rc2
v2.6.27-rc3
v2.6.27-rc4
v2.6.27-rc5
v2.6.27-rc6
v2.6.27-rc7
v2.6.27-rc8
v2.6.27-rc9
v2.6.28
v2.6.28-rc1
v2.6.28-rc2
v2.6.28-rc3
v2.6.28-rc4
v2.6.28-rc5
v2.6.28-rc6
v2.6.28-rc7
v2.6.28-rc8
v2.6.28-rc9
v2.6.29
v2.6.29-rc1
v2.6.29-rc2
v2.6.29-rc3
v2.6.29-rc4
v2.6.29-rc5
v2.6.29-rc6
v2.6.29-rc7
v2.6.29-rc8
v2.6.30
v2.6.30-rc1
v2.6.30-rc2
v2.6.30-rc3
v2.6.30-rc4
v2.6.30-rc5
v2.6.30-rc6
v2.6.30-rc7
v2.6.30-rc8
v2.6.31
v2.6.31-rc1
v2.6.31-rc2
v2.6.31-rc3
v2.6.31-rc4
v2.6.31-rc5
v2.6.31-rc6
v2.6.31-rc7
v2.6.31-rc8
v2.6.31-rc9
v2.6.32
v2.6.32-rc1
v2.6.32-rc2
v2.6.32-rc3
v2.6.32-rc4
v2.6.32-rc5
v2.6.32-rc6
v2.6.32-rc7
v2.6.32-rc8
v2.6.33
v2.6.33-rc1
v2.6.33-rc2
v2.6.33-rc3
v2.6.33-rc4
v2.6.33-rc5
v2.6.33-rc6
v2.6.33-rc7
v2.6.33-rc8
v2.6.34
v2.6.34-rc1
v2.6.34-rc2
v2.6.34-rc3
v2.6.34-rc4
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v2.6.35
v2.6.35-rc1
v2.6.35-rc2
v2.6.35-rc3
v2.6.35-rc4
v2.6.35-rc5
v2.6.35-rc6
v2.6.36
v2.6.36-rc1
v2.6.36-rc2
v2.6.36-rc3
v2.6.36-rc4
v2.6.36-rc5
v2.6.36-rc6
v2.6.36-rc7
v2.6.36-rc8
v2.6.37
v2.6.37-rc1
v2.6.37-rc2
v2.6.37-rc3
v2.6.37-rc4
v2.6.37-rc5
v2.6.37-rc6
v2.6.37-rc7
v2.6.37-rc8
v2.6.38
v2.6.38-rc1
v2.6.38-rc2
v2.6.38-rc3
v2.6.38-rc4
v2.6.38-rc5
v2.6.38-rc6
v2.6.38-rc7
v2.6.38-rc8
v2.6.39
v2.6.39-rc1
v2.6.39-rc2
v2.6.39-rc3
v2.6.39-rc4
v2.6.39-rc5
v2.6.39-rc6
v2.6.39-rc7
v3.*
v3.0
v3.0-rc1
v3.0-rc2
v3.0-rc3
v3.0-rc4
v3.0-rc5
v3.0-rc6
v3.0-rc7
v3.1
v3.1-rc1
v3.1-rc10
v3.1-rc2
v3.1-rc3
v3.1-rc4
v3.1-rc5
v3.1-rc6
v3.1-rc7
v3.1-rc8
v3.1-rc9
v3.10
v3.10-rc1
v3.10-rc2
v3.10-rc3
v3.10-rc4
v3.10-rc5
v3.10-rc6
v3.10-rc7
v3.11
v3.11-rc1
v3.11-rc2
v3.11-rc3
v3.11-rc4
v3.11-rc5
v3.11-rc6
v3.11-rc7
v3.12
v3.12-rc1
v3.12-rc2
v3.12-rc3
v3.12-rc4
v3.12-rc5
v3.12-rc6
v3.12-rc7
v3.13
v3.13-rc1
v3.13-rc2
v3.13-rc3
v3.13-rc4
v3.13-rc5
v3.13-rc6
v3.13-rc7
v3.13-rc8
v3.14
v3.14-rc1
v3.14-rc2
v3.14-rc3
v3.14-rc4
v3.14-rc5
v3.14-rc6
v3.14-rc7
v3.14-rc8
v3.15
v3.15-rc1
v3.15-rc2
v3.15-rc3
v3.15-rc4
v3.15-rc5
v3.15-rc6
v3.15-rc7
v3.15-rc8
v3.16
v3.16-rc1
v3.16-rc2
v3.16-rc3
v3.16-rc4
v3.16-rc5
v3.16-rc6
v3.16-rc7
v3.17
v3.17-rc1
v3.17-rc2
v3.17-rc3
v3.17-rc4
v3.17-rc5
v3.17-rc6
v3.17-rc7
v3.18
v3.18-rc1
v3.18-rc2
v3.18-rc3
v3.18-rc4
v3.18-rc5
v3.18-rc6
v3.18-rc7
v3.19
v3.19-rc1
v3.19-rc2
v3.19-rc3
v3.19-rc4
v3.19-rc5
v3.19-rc6
v3.19-rc7
v3.2
v3.2-rc1
v3.2-rc2
v3.2-rc3
v3.2-rc4
v3.2-rc5
v3.2-rc6
v3.2-rc7
v3.3
v3.3-rc1
v3.3-rc2
v3.3-rc3
v3.3-rc4
v3.3-rc5
v3.3-rc6
v3.3-rc7
v3.4
v3.4-rc1
v3.4-rc2
v3.4-rc3
v3.4-rc4
v3.4-rc5
v3.4-rc6
v3.4-rc7
v3.5
v3.5-rc1
v3.5-rc2
v3.5-rc3
v3.5-rc4
v3.5-rc5
v3.5-rc6
v3.5-rc7
v3.6
v3.6-rc1
v3.6-rc2
v3.6-rc3
v3.6-rc4
v3.6-rc5
v3.6-rc6
v3.6-rc7
v3.7
v3.7-rc1
v3.7-rc2
v3.7-rc3
v3.7-rc4
v3.7-rc5
v3.7-rc6
v3.7-rc7
v3.7-rc8
v3.8
v3.8-rc1
v3.8-rc2
v3.8-rc3
v3.8-rc4
v3.8-rc5
v3.8-rc6
v3.8-rc7
v3.9
v3.9-rc1
v3.9-rc2
v3.9-rc3
v3.9-rc4
v3.9-rc5
v3.9-rc6
v3.9-rc7
v3.9-rc8
v4.*
v4.0
v4.0-rc1
v4.0-rc2
v4.0-rc3
v4.0-rc4
v4.0-rc5
v4.0-rc6
v4.0-rc7
v4.1
v4.1-rc1
v4.1-rc2
v4.1-rc3
v4.1-rc4
v4.1-rc5
v4.1-rc6
v4.1-rc7
v4.1-rc8
v4.10
v4.10-rc1
v4.10-rc2
v4.10-rc3
v4.10-rc4
v4.10-rc5
v4.10-rc6
v4.10-rc7
v4.10-rc8
v4.11
v4.11-rc1
v4.11-rc2
v4.11-rc3
v4.11-rc4
v4.11-rc5
v4.11-rc6
v4.11-rc7
v4.11-rc8
v4.12
v4.12-rc1
v4.12-rc2
v4.12-rc3
v4.12-rc4
v4.12-rc5
v4.12-rc6
v4.12-rc7
v4.13
v4.13-rc1
v4.13-rc2
v4.13-rc3
v4.13-rc4
v4.13-rc5
v4.13-rc6
v4.13-rc7
v4.14
v4.14-rc1
v4.14-rc2
v4.14-rc3
v4.14-rc4
v4.14-rc5
v4.14-rc6
v4.14-rc7
v4.14-rc8
v4.14.1
v4.14.10
v4.14.11
v4.14.12
v4.14.13
v4.14.14
v4.14.15
v4.14.16
v4.14.17
v4.14.18
v4.14.19
v4.14.2
v4.14.20
v4.14.21
v4.14.22
v4.14.23
v4.14.24
v4.14.25
v4.14.26
v4.14.27
v4.14.28
v4.14.29
v4.14.3
v4.14.30
v4.14.31
v4.14.32
v4.14.33
v4.14.34
v4.14.35
v4.14.36
v4.14.37
v4.14.38
v4.14.39
v4.14.4
v4.14.40
v4.14.41
v4.14.42
v4.14.43
v4.14.44
v4.14.45
v4.14.46
v4.14.47
v4.14.48
v4.14.49
v4.14.5
v4.14.50
v4.14.51
v4.14.52
v4.14.53
v4.14.54
v4.14.55
v4.14.56
v4.14.57
v4.14.58
v4.14.59
v4.14.6
v4.14.60
v4.14.61
v4.14.62
v4.14.63
v4.14.64
v4.14.65
v4.14.66
v4.14.67
v4.14.68
v4.14.69
v4.14.7
v4.14.70
v4.14.71
v4.14.72
v4.14.73
v4.14.74
v4.14.75
v4.14.76
v4.14.77
v4.14.78
v4.14.79
v4.14.8
v4.14.80
v4.14.9
v4.15
v4.15-rc1
v4.15-rc2
v4.15-rc3
v4.15-rc4
v4.15-rc5
v4.15-rc6
v4.15-rc7
v4.15-rc8
v4.15-rc9
v4.16
v4.16-rc1
v4.16-rc2
v4.16-rc3
v4.16-rc4
v4.16-rc5
v4.16-rc6
v4.16-rc7
v4.17
v4.17-rc1
v4.17-rc2
v4.17-rc3
v4.17-rc4
v4.17-rc5
v4.17-rc6
v4.17-rc7
v4.18
v4.18-rc1
v4.18-rc2
v4.18-rc3
v4.18-rc4
v4.18-rc5
v4.18-rc6
v4.18-rc7
v4.18-rc8
v4.18.1
v4.18.10
v4.18.11
v4.18.12
v4.18.13
v4.18.14
v4.18.15
v4.18.16
v4.18.17
v4.18.18
v4.18.2
v4.18.3
v4.18.4
v4.18.5
v4.18.6
v4.18.7
v4.18.8
v4.18.9
v4.19
v4.19-rc1
v4.19-rc2
v4.19-rc3
v4.19-rc4
v4.19-rc5
v4.19-rc6
v4.19-rc7
v4.19-rc8
v4.19.1
v4.2
v4.2-rc1
v4.2-rc2
v4.2-rc3
v4.2-rc4
v4.2-rc5
v4.2-rc6
v4.2-rc7
v4.2-rc8
v4.3
v4.3-rc1
v4.3-rc2
v4.3-rc3
v4.3-rc4
v4.3-rc5
v4.3-rc6
v4.3-rc7
v4.4
v4.4-rc1
v4.4-rc2
v4.4-rc3
v4.4-rc4
v4.4-rc5
v4.4-rc6
v4.4-rc7
v4.4-rc8
v4.4.1
v4.4.10
v4.4.100
v4.4.101
v4.4.102
v4.4.103
v4.4.104
v4.4.105
v4.4.106
v4.4.107
v4.4.108
v4.4.109
v4.4.11
v4.4.110
v4.4.111
v4.4.112
v4.4.113
v4.4.114
v4.4.115
v4.4.116
v4.4.117
v4.4.118
v4.4.119
v4.4.12
v4.4.120
v4.4.121
v4.4.122
v4.4.123
v4.4.124
v4.4.125
v4.4.126
v4.4.127
v4.4.128
v4.4.129
v4.4.13
v4.4.130
v4.4.131
v4.4.132
v4.4.133
v4.4.134
v4.4.135
v4.4.136
v4.4.137
v4.4.138
v4.4.139
v4.4.14
v4.4.140
v4.4.141
v4.4.142
v4.4.143
v4.4.144
v4.4.145
v4.4.146
v4.4.147
v4.4.148
v4.4.149
v4.4.15
v4.4.150
v4.4.151
v4.4.152
v4.4.153
v4.4.154
v4.4.155
v4.4.156
v4.4.157
v4.4.158
v4.4.159
v4.4.16
v4.4.160
v4.4.161
v4.4.162
v4.4.163
v4.4.17
v4.4.18
v4.4.19
v4.4.2
v4.4.20
v4.4.21
v4.4.22
v4.4.23
v4.4.24
v4.4.25
v4.4.26
v4.4.27
v4.4.28
v4.4.29
v4.4.3
v4.4.30
v4.4.31
v4.4.32
v4.4.33
v4.4.34
v4.4.35
v4.4.36
v4.4.37
v4.4.38
v4.4.39
v4.4.4
v4.4.40
v4.4.41
v4.4.42
v4.4.43
v4.4.44
v4.4.45
v4.4.46
v4.4.47
v4.4.48
v4.4.49
v4.4.5
v4.4.50
v4.4.51
v4.4.52
v4.4.53
v4.4.54
v4.4.55
v4.4.56
v4.4.57
v4.4.58
v4.4.59
v4.4.6
v4.4.60
v4.4.61
v4.4.62
v4.4.63
v4.4.64
v4.4.65
v4.4.66
v4.4.67
v4.4.68
v4.4.69
v4.4.7
v4.4.70
v4.4.71
v4.4.72
v4.4.73
v4.4.74
v4.4.75
v4.4.76
v4.4.77
v4.4.78
v4.4.79
v4.4.8
v4.4.80
v4.4.81
v4.4.82
v4.4.83
v4.4.84
v4.4.85
v4.4.86
v4.4.87
v4.4.88
v4.4.89
v4.4.9
v4.4.90
v4.4.91
v4.4.92
v4.4.93
v4.4.94
v4.4.95
v4.4.96
v4.4.97
v4.4.98
v4.4.99
v4.5
v4.5-rc1
v4.5-rc2
v4.5-rc3
v4.5-rc4
v4.5-rc5
v4.5-rc6
v4.5-rc7
v4.6
v4.6-rc1
v4.6-rc2
v4.6-rc3
v4.6-rc4
v4.6-rc5
v4.6-rc6
v4.6-rc7
v4.7
v4.7-rc1
v4.7-rc2
v4.7-rc3
v4.7-rc4
v4.7-rc5
v4.7-rc6
v4.7-rc7
v4.8
v4.8-rc1
v4.8-rc2
v4.8-rc3
v4.8-rc4
v4.8-rc5
v4.8-rc6
v4.8-rc7
v4.8-rc8
v4.9
v4.9-rc1
v4.9-rc2
v4.9-rc3
v4.9-rc4
v4.9-rc5
v4.9-rc6
v4.9-rc7
v4.9-rc8
v4.9.1
v4.9.10
v4.9.100
v4.9.101
v4.9.102
v4.9.103
v4.9.104
v4.9.105
v4.9.106
v4.9.107
v4.9.108
v4.9.109
v4.9.11
v4.9.110
v4.9.111
v4.9.112
v4.9.113
v4.9.114
v4.9.115
v4.9.116
v4.9.117
v4.9.118
v4.9.119
v4.9.12
v4.9.120
v4.9.121
v4.9.122
v4.9.123
v4.9.124
v4.9.125
v4.9.126
v4.9.127
v4.9.128
v4.9.129
v4.9.13
v4.9.130
v4.9.131
v4.9.132
v4.9.133
v4.9.134
v4.9.135
v4.9.136
v4.9.14
v4.9.15
v4.9.16
v4.9.17
v4.9.18
v4.9.19
v4.9.2
v4.9.20
v4.9.21
v4.9.22
v4.9.23
v4.9.24
v4.9.25
v4.9.26
v4.9.27
v4.9.28
v4.9.29
v4.9.3
v4.9.30
v4.9.31
v4.9.32
v4.9.33
v4.9.34
v4.9.35
v4.9.36
v4.9.37
v4.9.38
v4.9.39
v4.9.4
v4.9.40
v4.9.41
v4.9.42
v4.9.43
v4.9.44
v4.9.45
v4.9.46
v4.9.47
v4.9.48
v4.9.49
v4.9.5
v4.9.50
v4.9.51
v4.9.52
v4.9.53
v4.9.54
v4.9.55
v4.9.56
v4.9.57
v4.9.58
v4.9.59
v4.9.6
v4.9.60
v4.9.61
v4.9.62
v4.9.63
v4.9.64
v4.9.65
v4.9.66
v4.9.67
v4.9.68
v4.9.69
v4.9.7
v4.9.70
v4.9.71
v4.9.72
v4.9.73
v4.9.74
v4.9.75
v4.9.76
v4.9.77
v4.9.78
v4.9.79
v4.9.8
v4.9.80
v4.9.81
v4.9.82
v4.9.83
v4.9.84
v4.9.85
v4.9.86
v4.9.87
v4.9.88
v4.9.89
v4.9.9
v4.9.90
v4.9.91
v4.9.92
v4.9.93
v4.9.94
v4.9.95
v4.9.96
v4.9.97
v4.9.98
v4.9.99

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31399.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.10.253
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.20
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31399.json"