CVE-2026-31587

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the ASoC qcom q6apm component where dais are registered dynamically from ASoC topology using device managed APIs. When both the component and dynamic dais use managed versions, it can lead to incorrect free ordering, resulting in a slab-use-after-free condition where the dai is freed while the component still holds references to it. This was observed in the snd soc del component unlocked() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.