PT-2026-34373 · Linux · Linux Kernel

Published 2026-04-22 · Updated 2026-04-23 · CVE-2026-31468

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A double free issue exists in the dma-buf feature of the vfio/pci component. The error path within the vfio_pci_core_feature_dma_buf() function incorrectly triggers the entire unwind chain instead of only using dma_buf_put() after dma_buf_export(). In scenarios involving file descriptor exhaustion, this leads to an unbalanced refcount on the vfio device and the subsequent double free of allocated objects.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
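
The ownership rule behind the description, shown as an added userspace model that is not the kernel's code: once the export succeeds the buffer owns the private object, so a later failure must only drop the buffer reference. All struct and function names are hypothetical, and frees are counted rather than performed so the faulty path can be observed safely.

```c
#include <stdio.h>

/* Userspace model of the error path; every name here is hypothetical. */
struct device { int refs; };                      /* stands in for the vfio device refcount */
struct priv { struct device *dev; int frees; };   /* exporter's private object */
struct buf { struct priv *priv; int refs; };      /* stands in for the exported dma-buf */
struct result { int dev_refs; int frees; };

/* Cleanup the buffer's release callback performs: drop device ref, free priv. */
static void priv_release(struct priv *p)
{
    p->dev->refs--;
    p->frees++;   /* counted instead of calling free(), so the model stays defined */
}

/* Models dma_buf_put(): dropping the last reference runs the release callback. */
static void buf_put(struct buf *b)
{
    if (--b->refs == 0)
        priv_release(b->priv);
}

/* fd_ok == 0 simulates file descriptor exhaustion right after a successful export. */
static struct result run(int fd_ok, int fixed)
{
    struct device dev = { .refs = 1 };            /* baseline reference held elsewhere */
    struct priv p = { .dev = &dev, .frees = 0 };
    struct buf b = { .priv = &p, .refs = 1 };     /* export succeeded: b now owns p */
    struct result r;

    dev.refs++;                                   /* reference taken for the buffer */
    buf_put(&b);                                  /* error path, or later close of the fd */
    if (!fd_ok && !fixed)
        priv_release(&p);                         /* bug: rest of the unwind chain repeats the cleanup */
    r.dev_refs = dev.refs;
    r.frees = p.frees;
    return r;
}

int main(void)
{
    struct result bad = run(0, 0), good = run(0, 1);
    printf("buggy: dev_refs=%d frees=%d\n", bad.dev_refs, bad.frees);
    printf("fixed: dev_refs=%d frees=%d\n", good.dev_refs, good.frees);
    return 0;
}
```

In the faulty path the device count falls below its baseline and the private object is released twice; the put-only path leaves both balanced.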

Double Free

Weakness Enumeration

Related Identifiers: CVE-2026-31468

Affected Products: Linux Kernel