CVE-2026-31399 PUBLISHED

nvdimm/bus: Fix potential use after free in asynchronous initialization

Assigner: Linux
Reserved: 09.03.2026 Published: 03.04.2026 Updated: 03.04.2026

In the Linux kernel, the following vulnerability has been resolved:

nvdimm/bus: Fix potential use after free in asynchronous initialization

Dingisoul with KASAN reports a use after free if device_add() fails in nd_async_device_register().

Commit b6eae0f61db2 ("libnvdimm: Hold reference on parent while scheduling async init") correctly added a reference on the parent device to be held until asynchronous initialization was complete. However, if device_add() results in an allocation failure the ref count of the device drops to 0 prior to the parent pointer being accessed. Thus resulting in use after free.

The bug bot AI correctly identified the fix. Save a reference to the parent pointer to be used to drop the parent reference regardless of the outcome of device_add().

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from b6eae0f61db27748606cc00dafcfd1e2c032f0a5 to 9a0fb16ba5b372465a3a1ecd761c6fa911a4ab4d (excl.)
  • affected from b6eae0f61db27748606cc00dafcfd1e2c032f0a5 to e48bf8f1d2b12c1c5ba1f609edbd4cde5dadc20e (excl.)
  • affected from b6eae0f61db27748606cc00dafcfd1e2c032f0a5 to 2c638259ad750833fd46a0cf57672a618542d84c (excl.)
  • affected from b6eae0f61db27748606cc00dafcfd1e2c032f0a5 to a226e5b49e5fe8c98b14f8507de670189d191348 (excl.)
  • affected from b6eae0f61db27748606cc00dafcfd1e2c032f0a5 to 84af19855d1abdee3c9d57c0684e2868e391793c (excl.)
  • affected from b6eae0f61db27748606cc00dafcfd1e2c032f0a5 to a8aec14230322ed8f1e8042b6d656c1631d41163 (excl.)
  • Version 8954771abdea5c34280870e35592c7226a816d95 is affected
  • Version 3e63a7f25cc85d3d3e174b9b0e3489ebb7eaf4ab is affected
  • Version 1490de2bb0836fc0631c04d0559fdf81545b672f is affected
  • Version e31a8418c8df7e6771414f99ed3d95ba8aca4e05 is affected
  • Version 4f1a55a4f990016406147cf3e0c9487bf83e50f0 is affected
Vendor Linux
Product Linux
Versions Default: affected
  • Version 4.20 is affected
  • unaffected from 0 to 4.20 (excl.)
  • unaffected from 6.1.167 to 6.1.* (incl.)
  • unaffected from 6.6.130 to 6.6.* (incl.)
  • unaffected from 6.12.78 to 6.12.* (incl.)
  • unaffected from 6.18.20 to 6.18.* (incl.)
  • unaffected from 6.19.10 to 6.19.* (incl.)
  • unaffected from 7.0-rc5 to * (incl.)

References