{"id":"CVE-2026-31399","summary":"nvdimm/bus: Fix potential use after free in asynchronous initialization","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm/bus: Fix potential use after free in asynchronous initialization\n\nDingisoul with KASAN reports a use after free if device_add() fails in\nnd_async_device_register().\n\nCommit b6eae0f61db2 (\"libnvdimm: Hold reference on parent while\nscheduling async init\") correctly added a reference on the parent device\nto be held until asynchronous initialization was complete.  However, if\ndevice_add() results in an allocation failure the ref count of the\ndevice drops to 0 prior to the parent pointer being accessed.  Thus\nresulting in use after free.\n\nThe bug bot AI correctly identified the fix.  Save a reference to the\nparent pointer to be used to drop the parent reference regardless of the\noutcome of device_add().","modified":"2026-04-14T03:47:18.655036Z","published":"2026-04-03T15:16:03.246Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31399.json"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2c638259ad750833fd46a0cf57672a618542d84c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/84af19855d1abdee3c9d57c0684e2868e391793c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9a0fb16ba5b372465a3a1ecd761c6fa911a4ab4d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a226e5b49e5fe8c98b14f8507de670189d191348"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a8aec14230322ed8f1e8042b6d656c1631d41163"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e48bf8f1d2b12c1c5ba1f609edbd4cde5dadc20e"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31399.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31399"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b6eae0f61db27748606cc00dafcfd1e2c032f0a5"},{"fixed":"9a0fb16ba5b372465a3a1ecd761c6fa911a4ab4d"},{"fixed":"e48bf8f1d2b12c1c5ba1f609edbd4cde5dadc20e"},{"fixed":"2c638259ad750833fd46a0cf57672a618542d84c"},{"fixed":"a226e5b49e5fe8c98b14f8507de670189d191348"},{"fixed":"84af19855d1abdee3c9d57c0684e2868e391793c"},{"fixed":"a8aec14230322ed8f1e8042b6d656c1631d41163"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"8954771abdea5c34280870e35592c7226a816d95"},{"last_affected":"3e63a7f25cc85d3d3e174b9b0e3489ebb7eaf4ab"},{"last_affected":"1490de2bb0836fc0631c04d0559fdf81545b672f"},{"last_affected":"e31a8418c8df7e6771414f99ed3d95ba8aca4e05"},{"last_affected":"4f1a55a4f990016406147cf3e0c9487bf83e50f0"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31399.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"6.1.167"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.78"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.20"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31399.json"}}],"schema_version":"1.7.5"}