PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-31732 Linux CVE debrief

The Linux kernel has a vulnerability in the gpiochip_add_data_with_key() function, which can cause resource leaks on errors. This issue was introduced by a commit that unset the release function for the device. As a result, the reference count to the device isn't dropped on error handling paths, leading to potential resource leaks. The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. Linux kernel versions 6.9 to 6.18.22, 6.19 to 6.19.12, and 7.0 RC1 to RC6 are affected.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-01
Original CVE updated: 2026-07-04
Advisory published: 2026-05-01
Advisory updated: 2026-07-04

Who should care

Linux kernel developers, maintainers, and users who rely on the gpiochip_add_data_with_key() function should be aware of this vulnerability. They should review their kernel versions and apply patches or updates as needed to prevent potential resource leaks.

Technical summary

The gpiochip_add_data_with_key() function in the Linux kernel can leak resources when it fails. The release function for the device is unset, so the error handling paths do not drop the reference count to the device. This vulnerability affects Linux kernel versions 6.9 to 6.18.22, 6.19 to 6.19.12, and 7.0 RC1 to RC6. The CVSS score for this vulnerability is 5.5, with a severity rating of MEDIUM.

Defensive priority

Apply patches or updates to the Linux kernel to fix the vulnerability in the gpiochip_add_data_with_key() function. Review kernel versions and ensure they are up-to-date to prevent potential resource leaks.

Recommended defensive actions

  • Apply patches or updates to the Linux kernel to fix the vulnerability in the gpiochip_add_data_with_key() function.
  • Review kernel versions and ensure they are up-to-date to prevent potential resource leaks.
  • Monitor Linux kernel updates and patches for future vulnerabilities.
  • Consider implementing additional security measures to prevent potential attacks.
  • Review and update incident response plans to address potential vulnerabilities.
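
One way to carry out the version review above, as an added example that is not part of the original advisory: a shell function that classifies a kernel release string (such as the output of uname -r) against the affected ranges listed on this page. The function name is hypothetical and the range bounds are assumed to be inclusive; distribution kernels often backport fixes without changing the upstream version number, so a match is a prompt to check the vendor changelog rather than proof of exposure.

```sh
#!/bin/sh
# Added example (not from the advisory): classify a kernel release string
# against the affected ranges listed on this page, treated as inclusive.
# Exit status: 0 = inside a listed range, 1 = outside, 2 = not classifiable.
cve_2026_31732_in_range() {
    rel=$1
    base=${rel%%-*}                      # "6.12.9-200.fc41" -> "6.12.9"
    case $base in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;                  # "6.9" has no patch level
    esac
    # Drop trailing non-numeric suffixes such as "22+" or "22.1".
    major=${major%%[!0-9]*}; minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    patch=${patch:-0}

    case $rel in
        *-rc[0-9]*)
            rc=${rel#*-rc}; rc=${rc%%[!0-9]*}
            # Only 7.0 release candidates are listed (RC1 to RC6); other
            # pre-releases cannot be placed in the page's ranges.
            [ "$major" -eq 7 ] && [ "$minor" -eq 0 ] || return 2
            if [ "$rc" -ge 1 ] && [ "$rc" -le 6 ]; then return 0; fi
            return 1 ;;
    esac

    n=$(( major * 1000000 + minor * 1000 + patch ))
    # 6.9 to 6.18.22
    if [ "$n" -ge 6009000 ] && [ "$n" -le 6018022 ]; then return 0; fi
    # 6.19 to 6.19.12
    if [ "$n" -ge 6019000 ] && [ "$n" -le 6019012 ]; then return 0; fi
    return 1
}

# Report on the running kernel when the script is invoked with --running.
if [ "${1:-}" = "--running" ]; then
    if cve_2026_31732_in_range "$(uname -r)"; then
        echo "$(uname -r): inside an affected range; check vendor backports"
    else
        echo "$(uname -r): not inside a listed range (or not classifiable)"
    fi
fi
```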

Evidence notes

The vulnerability was introduced by a commit that unset the release function for the device. The CVSS score for this vulnerability is 5.5, with a severity rating of MEDIUM. Linux kernel versions 6.9 to 6.18.22, 6.19 to 6.19.12, and 7.0 RC1 to RC6 are affected.

Official resources

This article was generated with AI assistance based on the supplied source corpus.