CVE-2026-31759

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A double free issue exists in the USB ULPI (Ultra Low Power Interface) component. When the device register() function fails, ulpi register() invokes put device() on ulpi->dev. The device release callback ulpi dev release() then drops the Open Firmware (OF) node reference and frees the ulpi structure. However, the error path in the ulpi register interface() function calls kfree(ulpi) again, leading to a double free. A double free occurs when the system attempts to free the same memory location twice, which can lead to system instability or crashes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.