CVE-2026-31578

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the as102 usb driver. When the as102 usb probe() function encounters an error after successfully calling usb register dev(), it may call usb deregister dev() and immediately free the memory associated with as102 dev t. If a userspace process successfully opens the device before deregistration, the file descriptor remains valid. When this descriptor is eventually closed, the as102 release() function (which calls as102 usb release()) attempts to access or free the as102 dev t memory again, leading to a use-after-free and double-free scenario.

Recommendations Update the Linux kernel to a version where the as102 usb probe() function is modified to defer freeing as102 dev t memory to the .release() function after usb register dev() has succeeded.