CVE-2026-31621

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the bnge driver where the error path fails to return after calling the auxiliary device uninit() function. When auxiliary device add() fails, the system calls auxiliary device uninit(), which drops the last reference and triggers bnge aux dev release(). This process sets the bd->auxr dev variable to NULL and frees the underlying object. Because the code continues to execute, it attempts to access bd->auxr dev->net, resulting in a NULL pointer dereference during the error cleanup process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.