CVE-2026-31527 PUBLISHED

driver core: platform: use generic driver_override infrastructure

Assigner: Linux
Reserved: 09.03.2026 Published: 22.04.2026 Updated: 22.04.2026

In the Linux kernel, the following vulnerability has been resolved:

driver core: platform: use generic driver_override infrastructure

When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF.

Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally.

Note that calling match() from __driver_attach() without the device lock held is intentional. [1]

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 3d713e0e382e6fcfb4bba1501645b66c129ad60b to 9a6086d2a828dd2ff74cf9abcae456670febd71f (excl.)
  • affected from 3d713e0e382e6fcfb4bba1501645b66c129ad60b to 7c02a9bd7d14a89065fcf672b86d8e1d1a41d3b1 (excl.)
  • affected from 3d713e0e382e6fcfb4bba1501645b66c129ad60b to edee7ee5a14c3b33f6d54641f5af5c5e9180992d (excl.)
  • affected from 3d713e0e382e6fcfb4bba1501645b66c129ad60b to 2b38efc05bf7a8568ec74bfffea0f5cfa62bc01d (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 3.17 is affected
  • unaffected from 0 to 3.17 (excl.)
  • unaffected from 6.12.80 to 6.12.* (incl.)
  • unaffected from 6.18.21 to 6.18.* (incl.)
  • unaffected from 6.19.11 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)
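
Added example (not part of the CVE record or the kernel source): a small checker that applies the version ranges listed above to a `uname -r` style release string. The names parse_release and status, and the "unverified" result for 7.0 release candidates, are assumptions of this example.

```python
import platform
import re

# Fixed point releases per stable series, copied from the version list above.
FIXED_IN_SERIES = {(6, 12): 80, (6, 18): 21, (6, 19): 11}
FIRST_AFFECTED = (3, 17)        # "Version 3.17 is affected"
FIRST_FIXED_MAINLINE = (7, 0)   # "unaffected from 7.0"


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def status(release):
    """Classify a release string against the ranges in this record."""
    major, minor, patch = parse_release(release)
    series = (major, minor)
    if series < FIRST_AFFECTED:
        return "unaffected"
    if series >= FIRST_FIXED_MAINLINE:
        # A 7.0 release candidate predates 7.0 itself, so the record's
        # "from 7.0" bound does not settle it (assumption of this example).
        if series == FIRST_FIXED_MAINLINE and re.search(r"-rc\d+", release):
            return "unverified"
        return "unaffected"
    fixed = FIXED_IN_SERIES.get(series)
    if fixed is not None and patch >= fixed:
        return "unaffected"
    # Series without a listed fixed release fall under "Default: affected".
    return "affected"


if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {status(running)} per the CVE-2026-31527 version ranges")
```

The result reflects only the upstream version ranges in this record; distribution kernels that backport fixes keep their original version number, so confirm against the vendor's advisory or changelog.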

References