Double Free Vulnerability in Linux Kernel Affecting BCMASP Driver
CVE-2026-31506

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31506?

A vulnerability in the Linux kernel's BCMASP driver was identified, which involved a double free of the WoL (Wake on LAN) interrupt request (irq). This issue arose because the irq was incorrectly freed, despite being instantiated with the devm_request_irq() function. The devm_request_irq() function automatically manages the freeing of the raw memory, which could lead to potential security issues and instability. The vulnerability has been addressed to ensure that the irq is not manually freed, allowing the driver's memory management to work as intended.

Affected Version(s)

Linux a2f0751206b03374f6d02f89c18a60f1bb238fea < 121a6ad9cd42ba3bfc57deae93e3326515c2afe1

Linux a2f0751206b03374f6d02f89c18a60f1bb238fea < 9e5f5c07cc7d66522f8c9676c28605eba5d4a20e

Linux a2f0751206b03374f6d02f89c18a60f1bb238fea < 8a30509ce6a29bdf18e0802383c524a7b2357ec0

References

https://git.kernel.org/stable/c/121a6ad9cd42ba3bfc57deae9...

https://git.kernel.org/stable/c/9e5f5c07cc7d66522f8c9676c...

https://git.kernel.org/stable/c/8a30509ce6a29bdf18e080238...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31506 Data

JSON