CVE-2026-31689

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the EDAC/mc component where the error path ordering in the edac mc alloc() function is incorrect. When the mci->pvt info allocation fails, the system calls put device(), which triggers the device's release function. Because device initialize() occurs after the failed allocation, the device and its release function pointer remain uninitialized at the time of the call, leading to a null pointer dereference in kobject put().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.