PT-2026-34934 · Linux · Linux Kernel
Published: 2026-04-24 · Updated: 2026-05-06 · CVE-2026-31582
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A use-after-free issue exists in the hwmon powerz component during USB disconnection. When powerz_disconnect() frees the URB (USB Request Block) and releases the mutex, a subsequent call to powerz_read() can acquire the mutex and trigger powerz_read_data(), which then dereferences the freed URB pointer.
Recommendations
Set priv->urb to NULL in powerz_disconnect() to allow powerz_read_data() to detect the disconnected state.
Add a !priv->urb check at the beginning of powerz_read_data() to return -ENODEV for disconnected devices.
Move usb_set_intfdata() before hwmon registration to ensure the disconnect handler can always locate the priv pointer.
Fix
Use After Free
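The first two recommendations can be seen working together in a small userspace model, added here as an illustration and not taken from the kernel driver. All model_* names are hypothetical, a pthread mutex stands in for the driver's mutex, and a plain buffer stands in for the URB.

```c
/* Userspace model of the fix pattern; model_* names are hypothetical. */
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

struct model_urb { unsigned char buf[64]; };  /* stand-in for struct urb */
struct model_priv {
    pthread_mutex_t mutex;   /* serializes read and disconnect */
    struct model_urb *urb;   /* NULL means "device disconnected" */
};

int model_probe(struct model_priv *priv)
{
    pthread_mutex_init(&priv->mutex, NULL);
    priv->urb = calloc(1, sizeof(*priv->urb));
    return priv->urb ? 0 : -ENOMEM;
}

static int model_read_data(struct model_priv *priv)  /* caller holds mutex */
{
    if (!priv->urb)
        return -ENODEV;      /* disconnected: never touch the freed URB */
    memset(priv->urb->buf, 0, sizeof(priv->urb->buf));  /* uses the URB */
    return 0;
}

int model_read(struct model_priv *priv)
{
    pthread_mutex_lock(&priv->mutex);
    int ret = model_read_data(priv);
    pthread_mutex_unlock(&priv->mutex);
    return ret;
}

void model_disconnect(struct model_priv *priv)
{
    pthread_mutex_lock(&priv->mutex);
    free(priv->urb);
    priv->urb = NULL;        /* publish the disconnected state under the lock */
    pthread_mutex_unlock(&priv->mutex);
}

int main(void)
{
    struct model_priv p;
    if (model_probe(&p) || model_read(&p) != 0) return 1;
    model_disconnect(&p);
    return model_read(&p) == -ENODEV ? 0 : 1;
}
```

Because the pointer is cleared while the mutex is still held, a reader that acquires the mutex afterwards sees NULL and returns -ENODEV instead of reaching the freed allocation.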
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel