Linux Kernel Vulnerability in VUB300 Driver by Linux Foundation
CVE-2026-31651

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31651?

A vulnerability exists in the Linux kernel's VUB300 driver that could lead to a NULL-pointer dereference upon device disconnect. This issue arises when the controller is not deregistered before dropping the reference to the driver data, resulting in potential instability or crashes. Patching this vulnerability is critical to maintaining system integrity and preventing unexpected behavior in environments utilizing the VUB300 driver.

Affected Version(s)

Linux 88095e7b473a3d9ec3b9c60429576e9cbd327c89 < 6446516e626ce7c44bdadbcbb3d7677a2c52ce93

Linux 88095e7b473a3d9ec3b9c60429576e9cbd327c89

Linux 88095e7b473a3d9ec3b9c60429576e9cbd327c89 < 517b58e1d067115f80d198feee10192da4c424d0

References

https://git.kernel.org/stable/c/6446516e626ce7c44bdadbcbb...

https://git.kernel.org/stable/c/ba3b9429de94958dc0060d981...

https://git.kernel.org/stable/c/517b58e1d067115f80d198fee...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31651 Data

JSON