Vulnerabilities ›

CVE-2026-31745

High

CWE-415 — Weakness Type

                    Published: May 1, 2026                      ·  Modified: May 8, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

In the Linux kernel, the following vulnerability has been resolved:

reset: gpio: fix double free in reset_add_gpio_aux_device() error path

When __auxiliary_device_add() fails, reset_add_gpio_aux_device()
calls auxiliary_device_uninit(adev).

The device release callback reset_gpio_aux_device_release() frees
adev, but the current error path then calls kfree(adev) again,
causing a double free.

Keep kfree(adev) for the auxiliary_device_init() failure path, but
avoid freeing adev after auxiliary_device_uninit().

🤖 AI Executive Summary

A double free vulnerability exists in the Linux kernel's GPIO reset driver when auxiliary device initialization fails. The error handling path incorrectly frees memory twice, potentially allowing denial of service or code execution.

📄 Description (Arabic)

تحتوي ثغرة في برنامج تشغيل إعادة تعيين GPIO بنواة لينكس على خطأ في معالجة الأخطاء حيث يتم تحرير الذاكرة مرتين عند فشل إضافة الجهاز المساعد. قد يؤدي هذا إلى حالة عدم استقرار النظام أو تنفيذ كود عشوائي.

🤖 ملخص تنفيذي (AI)

A double free vulnerability in Linux kernel GPIO reset driver occurs during failed auxiliary device initialization. This could enable denial of service attacks or arbitrary code execution on affected Saudi systems.

🤖 AI Intelligence Analysis Analyzed: May 7, 2026 23:27

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government energy telecom

🎯 MITRE ATT&CK Techniques

T1499.004 T1561.002

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update the Linux kernel to the patched version that corrects the error handling in reset_add_gpio_aux_device() to avoid double free. Apply the fix that removes redundant kfree(adev) after auxiliary_device_uninit() call.

🔧 خطوات المعالجة (العربية)

قم بتحديث نواة لينكس إلى الإصدار المصحح الذي يصحح معالجة الأخطاء في reset_add_gpio_aux_device() لتجنب التحرير المزدوج. طبق الإصلاح الذي يزيل استدعاء kfree(adev) الزائد بعد استدعاء auxiliary_device_uninit().

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-12

🟡 ISO 27001:2022

27001:A.12.6.1 27001:A.14.2.1

🔗 References & Sources 2

🔗

https://git.kernel.org/stable/c/1de465753220deb41569cf2add87bbb0673731db

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/fbffb8c7c7bb4d38e9f65e0bee446685011de5d8

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

📦 Affected Products / CPE 8 entries

linux:linux_kernel

linux:linux_kernel:7.0

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-415

EPSS0.02%

Exploit No

Patch ✓ Yes

Published 2026-05-01

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-415

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-31745

💬 Comments

Introduce Yourself

Sign In Required