CVE-2026-31389
Description
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free (of driver resources) and unclocked register accesses.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 6.1.170-1 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 6.19.10-1 |
| debian | sid | fixed | 6.19.10-1 |
| debian | trixie | fixed | 6.12.85-1 |
| linux-kernel | affected | 6.1.167 | |
| linux-kernel | 7.0 | affected | |
References
- https://git.kernel.org/stable/c/0e23f50086da7d0b183dfeac26021acfcdee086b
- https://git.kernel.org/stable/c/23b51bad2eb8787aa74324cfccefb258515ae5ba
- https://git.kernel.org/stable/c/6bbd385b30c7fb6c7ee0669e9ada91490938c051
- https://git.kernel.org/stable/c/80f3e8cd2b4ad355b2ad2024cf423f6d183404f7
- https://git.kernel.org/stable/c/8634e05b08ead636e926022f4a98416e13440df9
- https://git.kernel.org/stable/c/afe27c1f43aa57530011f419be6ddf71306565d2
- https://www.suse.com/security/cve/CVE-2026-31389.html
- https://security-tracker.debian.org/tracker/CVE-2026-31389
CWEs
CWE-416
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.