Driver Vulnerability in Linux Kernel Affecting Core Platform Components
CVE-2026-31527
What is CVE-2026-31527?
A vulnerability in the Linux kernel's driver core affects drivers probed via the __driver_attach() function. On this path the bus's match() callback runs without the device lock held, so it can read the driver_override field with no locking in place. The unlocked access can cause a use-after-free (UAF), which may lead to unpredictable system behavior. The fix uses the driver core's existing driver_override infrastructure, which maintains the required locking internally during the probing process.
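The locking problem described above, shown as a userspace model. This is an added example, not kernel code or the upstream patch: `model_device`, `model_set_override()`, `model_match_unlocked()` and `model_match_locked()` are hypothetical names, and a pthread mutex stands in for the device lock.

```c
/* Userspace model of the driver_override race; names are illustrative, not kernel API. */
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
struct model_device {
    pthread_mutex_t lock;   /* stands in for the device lock */
    char *driver_override;  /* heap string that can be replaced at runtime */
};

/* Writer: publish a new override (NULL clears it) under the lock, then free the old one. */
int model_set_override(struct model_device *dev, const char *name)
{
    char *fresh = NULL, *old;
    if (name) {
        size_t n = strlen(name) + 1;
        fresh = malloc(n);
        if (!fresh) return -1;
        memcpy(fresh, name, n);
    }
    pthread_mutex_lock(&dev->lock);
    old = dev->driver_override;
    dev->driver_override = fresh;
    pthread_mutex_unlock(&dev->lock);
    free(old);
    return 0;
}

/* BEFORE: no lock, so a concurrent writer can free the string before strcmp() reads it. */
int model_match_unlocked(struct model_device *dev, const char *drv_name)
{
    if (!dev->driver_override) return -1;
    return strcmp(dev->driver_override, drv_name) == 0;
}

/* AFTER: load and compare happen under the lock the writer also takes. */
int model_match_locked(struct model_device *dev, const char *drv_name)
{
    int ret = -1;                     /* -1: no override set */
    pthread_mutex_lock(&dev->lock);
    if (dev->driver_override) ret = strcmp(dev->driver_override, drv_name) == 0;
    pthread_mutex_unlock(&dev->lock);
    return ret;                       /* 1: match, 0: override names another driver */
}

int main(void)
{
    struct model_device d = { PTHREAD_MUTEX_INITIALIZER, NULL };
    return model_set_override(&d, "drv_a") || model_match_locked(&d, "drv_a") != 1;
}
```

Both readers return the same values when nothing runs concurrently; only the locked one stays memory-safe when a writer replaces the override during the comparison.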
Affected Version(s)
Linux 3d713e0e382e6fcfb4bba1501645b66c129ad60b < 9a6086d2a828dd2ff74cf9abcae456670febd71f
Linux 3d713e0e382e6fcfb4bba1501645b66c129ad60b < 7c02a9bd7d14a89065fcf672b86d8e1d1a41d3b1
Linux 3d713e0e382e6fcfb4bba1501645b66c129ad60b