Use-After-Free in Linux Kernel ACPI EC Handler
CVE-2026-31426
What is CVE-2026-31426?
In the Linux kernel, a vulnerability arises from improper error handling in the ACPI EC setup function. When ec_install_handlers() encounters a deferred probe, the handler installations are not cleaned up, which can lead to a use-after-free. Unprivileged sysfs reads may then trigger erroneous memory access, potentially compromising system integrity on affected hardware platforms. The recommended mitigation is to ensure that handlers are properly cleaned up on error paths.
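The error-path pattern described above, as an added user-space model (not kernel code and not the upstream patch). All `model_*` names are hypothetical, and the model assumes the handler is registered before the deferral is reported and that the caller releases the object when setup fails.

```c
#include <stdbool.h>
#include <stdio.h>

#define MODEL_EPROBE_DEFER 517 /* same numeric value as the kernel's EPROBE_DEFER */
/* Hypothetical stand-in for the EC object; `live` is false once its owner released it. */
struct model_ec { bool live; };
static struct model_ec pool;            /* static storage: the model never reads freed memory */
static struct model_ec *registered_ctx; /* context pointer kept by the installed handler */

static struct model_ec *model_ec_alloc(void) { pool.live = true; return &pool; }
static void model_ec_free(struct model_ec *ec) { ec->live = false; }

static void model_remove_handlers(struct model_ec *ec)
{
    if (registered_ctx == ec)
        registered_ctx = NULL;
}

/* Assumption: the handler is registered before a later step asks for deferral. */
static int model_install_handlers(struct model_ec *ec, bool dependency_ready)
{
    registered_ctx = ec;
    return dependency_ready ? 0 : -MODEL_EPROBE_DEFER;
}

/* cleanup_on_error=false models the flawed error path, true the corrected one. */
static int model_setup(struct model_ec *ec, bool dependency_ready, bool cleanup_on_error)
{
    int ret = model_install_handlers(ec, dependency_ready);
    if (ret && cleanup_on_error)
        model_remove_handlers(ec);
    return ret;
}

/* True if a handler still points at an object the failed probe already released. */
static bool probe_leaves_dangling_handler(bool cleanup_on_error)
{
    struct model_ec *ec = model_ec_alloc();
    registered_ctx = NULL;
    if (model_setup(ec, false, cleanup_on_error))
        model_ec_free(ec); /* caller's error path drops the object */
    return registered_ctx != NULL && !registered_ctx->live;
}

int main(void)
{
    printf("dangling without cleanup=%d, with cleanup=%d\n",
           probe_leaves_dangling_handler(false), probe_leaves_dangling_handler(true));
    return 0;
}
```

The same invariant can be used when reviewing error paths: any failure return after a registration step must undo that registration before the owning object can be released.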
Affected Version(s)
Linux 03e9a0e05739cf872fee494b06c75c0469704a21 < 022d1727f33ff90b3e1775125264e3023901952e
Linux 03e9a0e05739cf872fee494b06c75c0469704a21 < 9c886e63b69658959633937e3acb7ca8addf7499
Linux 03e9a0e05739cf872fee494b06c75c0469704a21 < 808c0f156f48d5b8ca34088cbbfba8444e606cbc