PT-2026-35494 · Linux · Linux Kernel

Published 2026-04-27 · Updated 2026-04-28 · CVE-2026-31688

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified)

Description: A race condition exists in the driver core due to inconsistent locking around the driver_match_device() function. While one call site holds device_lock(dev), others such as bind_store() and driver_attach() do not, meaning bus match() callbacks may be executed without the required lock. This inconsistency can lead to a use-after-free (UAF) condition, a situation where a program continues to use a pointer after it has been freed, specifically affecting buses that use the driver_override implementation.

Recommendations: Update the Linux Kernel to a version where driver_match_device_locked() is implemented to enforce the device lock using a scoped guard in bind_store() and driver_attach().
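
The locking rule described above, as a single-threaded userspace model (an added example, not kernel code and not part of the original advisory). The lock is a plain flag, and the refusal of driver_match_device() to run without it stands in for a lock assertion, which is an assumption of this model; the struct layouts, set_override() and bus_match() are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model: struct layouts, set_override() and bus_match() are hypothetical. */
struct device { bool locked; char *driver_override; };
struct driver { const char *name; };
static void device_lock(struct device *d)   { d->locked = true; }
static void device_unlock(struct device *d) { d->locked = false; }

/* Writer: frees the old override string while holding the device lock. */
static void set_override(struct device *d, const char *name)
{
    device_lock(d);
    free(d->driver_override);
    d->driver_override = name ? malloc(strlen(name) + 1) : NULL;
    if (d->driver_override)
        strcpy(d->driver_override, name);
    device_unlock(d);
}

/* Reader: a bus match() callback that dereferences driver_override. */
static int bus_match(struct device *d, const struct driver *drv)
{
    return !d->driver_override || strcmp(d->driver_override, drv->name) == 0;
}

/* Returns -1 instead of matching when the caller does not hold the lock. */
static int driver_match_device(struct device *d, const struct driver *drv)
{
    return d->locked ? bus_match(d, drv) : -1;
}

/* Wrapper for call sites that do not already hold the lock. */
static int driver_match_device_locked(struct device *d, const struct driver *drv)
{
    device_lock(d);
    int ret = driver_match_device(d, drv);
    device_unlock(d);
    return ret;
}

int main(void)
{
    struct device d = { false, NULL };
    struct driver drv = { "drv_a" };
    set_override(&d, "drv_a");
    return driver_match_device_locked(&d, &drv) == 1 ? 0 : 1;
}
```

A caller that reaches driver_match_device() without the lock gets -1 in this model, which is the pattern the advisory attributes to the unpatched bind_store() and driver_attach() call sites.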

Fix

Use After Free

Weakness Enumeration

Related Identifiers: CVE-2026-31688

Affected Products: Linux Kernel