CVE-2026-31559 PUBLISHED

LoongArch: Fix missing NULL checks for kstrdup()

Assigner: Linux
Reserved: 09.03.2026 Published: 24.04.2026 Updated: 25.04.2026

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: Fix missing NULL checks for kstrdup()

  1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple calls to "of_node_put()".

  2. Fix a potential kernel oops during early boot when memory allocation fails while parsing CPU model from device tree.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from facc69f43502c135c16b97d5ded7253f15597912 to 5e7fde2c551f86e6c3de3fd7a9b1f52806ac8db0 (excl.)
  • affected from 70a2365e18affc5ebdaab1ca6a0b3c4f3aac2ee8 to a1da957c25cf751a2dce8fb7777f82ccbac0cb3e (excl.)
  • affected from 70a2365e18affc5ebdaab1ca6a0b3c4f3aac2ee8 to b61a309743322fb57fb9afa9aa3495ac758e4f5e (excl.)
  • affected from 70a2365e18affc5ebdaab1ca6a0b3c4f3aac2ee8 to 3a28daa9b7d7c2ddf2c722e9e95d7e0928bf0cd1 (excl.)
  • Version 620805dc674eab3055543496a7ef25beb9ffd2a8 is affected
  • Version 8dfeedf9eceadc1a2fc9066b4c5230690d1cad48 is affected
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.17 is affected
  • unaffected from 0 to 6.17 (excl.)
  • unaffected from 6.12.80 to 6.12.* (incl.)
  • unaffected from 6.18.21 to 6.18.* (incl.)
  • unaffected from 6.19.11 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References