USB Driver Vulnerability in Linux Kernel Affecting Device Resource Management
CVE-2026-31672
What is CVE-2026-31672?
This Linux kernel vulnerability concerns improper lifetime management of device resources in a USB driver. USB drivers bind to USB interfaces, so any resources they manage must have their lifetime tied to the interface, not merely to the parent USB device. Otherwise memory can leak when a driver is unbound without its device being physically disconnected, for example on probe deferral or a configuration change. The fix ensures that the USB anchor's lifetime is handled correctly and that the anchor is released when the driver is unbound, which improves stability and reliability.
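The lifetime mismatch described above, as an added userspace model (not kernel code and not the upstream patch). It assumes the affected resources behave like device-managed allocations that are freed when their owning device releases them; all names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model of managed device resources; names are hypothetical, not kernel API. */
struct res { struct res *next; };            /* header placed in front of each payload */
struct dev { struct res *head; int live; };  /* live = allocations not yet released */

/* Allocation whose lifetime is tied to 'owner' (assumed devres-style behaviour). */
static void *model_managed_alloc(struct dev *owner, size_t n)
{
    struct res *r = calloc(1, sizeof(*r) + n);
    if (!r)
        return NULL;
    r->next = owner->head;
    owner->head = r;
    owner->live++;
    return r + 1;                            /* payload follows the header */
}

/* Release everything tied to 'd': on unbind for an interface, on disconnect for the parent. */
static void model_release_all(struct dev *d)
{
    while (d->head) {
        struct res *r = d->head;
        d->head = r->next;
        free(r);
        d->live--;
    }
}

/* Bind and unbind 'cycles' times with the device still plugged in; return live allocations. */
static int live_after_rebinds(int cycles, int tie_to_interface)
{
    struct dev udev = {0}, intf = {0};
    for (int i = 0; i < cycles; i++) {
        if (!model_managed_alloc(tie_to_interface ? &intf : &udev, 64)) /* probe() */
            break;
        model_release_all(&intf);   /* unbind: only interface-tied resources are freed */
    }
    int still_live = udev.live + intf.live;
    model_release_all(&udev);       /* physical disconnect finally frees the rest */
    return still_live;
}

int main(void)
{
    printf("tied to parent device: %d live\n", live_after_rebinds(5, 0));
    printf("tied to interface:     %d live\n", live_after_rebinds(5, 1));
    return 0;
}
```

In the model, resources tied to the parent device accumulate one per bind/unbind cycle until disconnect, while resources tied to the interface are gone after each unbind.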
Affected Version(s)
Linux 8b4c0009313f3d42e2540e3e1f776097dd0db73d < 64a457f6afbf15f984d95201a9a1e71eed3f9dd1
Linux 8b4c0009313f3d42e2540e3e1f776097dd0db73d < 65518a6965d527c53013947031f26754f6a4f6af
Linux 8b4c0009313f3d42e2540e3e1f776097dd0db73d < 15b233e33b35b927bd8d0044c15325564ea1ba24