CVE-2026-31581

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the ALSA 6fire component. In the usb6fire chip abort() function, the chip structure is allocated as the card's private data. When snd card free when closed() is executed and no file handles are open, the card and the embedded chip are freed synchronously. This causes a subsequent write operation to chip->card = NULL to target freed slab memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.