CVE-2026-31759 · threatengine.sh

Home/CVE/In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix double free in ulpi_register_interfa

CVE

CVE-2026-31759

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix double free in ulpi_register_interfa

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix double free in ulpi_register_interface() error path When device_register() fails, ulpi_register() calls put_device() on ulpi-dev. The device release callback ulpi_dev_release() drops the OF node reference and frees ulpi, but the current error path in ulpi_register_interface() then calls kfree(ulpi) again, causing a double free. Let put_device() handle the cleanup through ulpi_dev_release() and avoid freeing ulpi again in ulpi_register_interface().

HIGH · CVSS 7.8 EPSS 0.00015

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-415Double Free

▤

Affected Products & Versions

8

linux kernel>= 4.2 and < 5.10.253
linux kernel>= 5.11 and < 5.15.203
linux kernel>= 5.16 and < 6.1.168
linux kernel>= 6.2 and < 6.6.134
linux kernel>= 6.7 and < 6.12.81
linux kernel>= 6.13 and < 6.18.22
linux kernel>= 6.19 and < 6.19.12
linux kernelall versions

▣

Scoring & Timeline

7.8

HIGH · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD01 May 2026 · 03:16 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

🔗

References & Sources

8

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/01af542392b5d41fd659d487015a71f627accce3Patch

https://git.kernel.org/stable/c/272a9b26c336a295e4e209157fed809706c1b1f7Patch

https://git.kernel.org/stable/c/2f70ba9dae13a190673cc3f9b4aad52179738f60Patch

https://git.kernel.org/stable/c/38c28fe25611099230f0965c925499bfcf46a795Patch

https://git.kernel.org/stable/c/8763f8317bb389aded32a32b08f6751cfff657d2Patch

https://git.kernel.org/stable/c/a6e5461f076c2ef63159f18e5cdbd30b50f0bc15Patch

Show all 8 references

https://git.kernel.org/stable/c/aaeae6533d77e6ed4def85baec01e2815ebbef61Patch

https://git.kernel.org/stable/c/ee248e6e941e4f2e634df2bd43e5f1ef810ab6dfPatch

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin