CVE-2026-31530

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use after free issue exists in the cxl detach ep() function. This occurs during bottom-up removal when CXL memory devices beneath a switch port are removed. The issue arises because there is no lifetime guarantee between a child port and its parent port, leading to two scenarios where parent port may be accessed after being freed: first, during concurrent detach operations where a port may be processed by another worker before being unlocked; and second, when delete switch port() triggers a cascade of unregistrations that may free the parent port before it is unlocked.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.