PatchSiren cyber security CVE debrief
CVE-2026-31732 Linux CVE debrief
The Linux kernel has a vulnerability in the gpiochip_add_data_with_key() function, which can cause resource leaks on errors. This issue was introduced by a commit that unset the release function for the device. As a result, the reference count to the device isn't dropped on error handling paths, leading to potential resource leaks. The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. Linux kernel versions 6.9 to 6.18.22, 6.19 to 6.19.12, and 7.0 RC1 to RC6 are affected.
- Vendor: Linux
- Product: Unknown
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-01
- Original CVE updated: 2026-07-04
- Advisory published: 2026-05-01
- Advisory updated: 2026-07-04
Who should care
Linux kernel developers, maintainers, and users who rely on the gpiochip_add_data_with_key() function should be aware of this vulnerability. They should review their kernel versions and apply patches or updates as needed to prevent potential resource leaks.
Technical summary
The gpiochip_add_data_with_key() function in the Linux kernel has a vulnerability that can cause resource leaks on errors. The issue arises because the release function for the device is unset, so the reference count to the device is not dropped on error handling paths. This vulnerability affects Linux kernel versions 6.9 to 6.18.22, 6.19 to 6.19.12, and 7.0 RC1 to RC6. The CVSS score for this vulnerability is 5.5, with a severity rating of MEDIUM.
Defensive priority
Apply patches or updates to the Linux kernel to fix the vulnerability in the gpiochip_add_data_with_key() function. Review kernel versions and ensure they are up-to-date to prevent potential resource leaks.
Recommended defensive actions
- Apply patches or updates to the Linux kernel to fix the vulnerability in the gpiochip_add_data_with_key() function.
- Review kernel versions and ensure they are up-to-date to prevent potential resource leaks.
- Monitor Linux kernel updates and patches for future vulnerabilities.
- Consider implementing additional security measures to prevent potential attacks.
- Review and update incident response plans to address potential vulnerabilities.
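For the "review kernel versions" step, the following added example (not code from PatchSiren or the kernel project) compares a `uname -r` style release string against the three affected ranges listed in this debrief. It assumes the listed bounds are inclusive; the function and constant names are hypothetical.

```python
import platform
import re
import sys

# Affected ranges exactly as this debrief lists them, read as inclusive
# (assumption). Key: (major, minor, patch, rc); rc=FINAL marks a final release
# so that release candidates sort before it.
FINAL = 99
AFFECTED = [
    ((6, 9, 0, FINAL), (6, 18, 22, FINAL)),   # 6.9 to 6.18.22
    ((6, 19, 0, FINAL), (6, 19, 12, FINAL)),  # 6.19 to 6.19.12
    ((7, 0, 0, 1), (7, 0, 0, 6)),             # 7.0 RC1 to RC6
]

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Turn a `uname -r` style string into a comparable tuple.

    Distro suffixes such as "-generic" are ignored, so a fix backported into
    a vendor kernel is NOT detected: a match means "check the vendor
    advisory", not proof that the running kernel is unpatched.
    """
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    rc = int(m.group(4)) if m.group(4) else FINAL
    return (major, minor, patch, rc)


def in_affected_range(release):
    """True if the release falls inside one of the ranges listed above."""
    key = parse_release(release)
    return any(lo <= key <= hi for lo, hi in AFFECTED)


if __name__ == "__main__":
    # Check the release given on the command line, else the running kernel.
    rel = sys.argv[1] if len(sys.argv) > 1 else platform.release()
    verdict = "inside" if in_affected_range(rel) else "outside"
    print(f"{rel}: {verdict} the ranges listed for CVE-2026-31732")
```
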
Evidence notes
The vulnerability was introduced by a commit that unset the release function for the device. The CVSS score for this vulnerability is 5.5, with a severity rating of MEDIUM. Linux kernel versions 6.9 to 6.18.22, 6.19 to 6.19.12, and 7.0 RC1 to RC6 are affected.
Official resources
- CVE-2026-31732 CVE record: CVE.org
- CVE-2026-31732 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
This article was generated with AI assistance based on the supplied source corpus.