CVE-2026-31701

Medium

In the Linux kernel, the following vulnerability has been resolved:

ALSA: caiaq: take a reference on the USB device in create_card()

The caiaq driver stores a pointer to the parent USB device in cdev->chip.dev but never takes a reference on it. The card's private_free callback, snd_usb_caiaq_card_free(), can run asynchronously via snd_card_free_when_closed() after the USB device has already been disconnected and freed, so any access to cdev->chip.dev in that path dereferences a freed usb_device.

On top of the refcounting issue, the current card_free implementation calls usb_reset_device(cdev->chip.dev). A reset in a free callback is inappropriate: the device is going away, the call takes the device lock in a teardown context, and the reset races with the disconnect path that the callback is already cleaning up after.

Take a reference on the USB device in create_card() with usb_get_dev(), drop it with usb_put_dev() in the free callback, and remove the usb_reset_device() call.

Package Linux Kernel
Published 2026-05-01
Last modified 2026-06-01
CVSS version 3.1
Patch available Yes

CVSS 3.1 score

5.5 out of 10 (Medium)

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: High
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions

Linux kernel versions 5.10.231, 5.15.174, 6.1.120, 6.6.64, 6.12.2, 4.19.325, 5.4.287, 6.11.11, 6.13 and later are affected. Fixed in 5.10.258, 5.15.209, 6.1.175, 6.6.136, 6.12.84, 6.18.25, 7.0.2, 7.1-rc1 and their respective stable series.

Affected from
  • ≥ 5.10.231
  • ≥ 5.15.174
  • ≥ 6.1.120
  • ≥ 6.6.64
  • ≥ 6.12.2
  • ≥ 4.19.325
  • ≥ 5.4.287
  • ≥ 6.11.11
  • ≥ 6.13

Fixed in
  • 5.10.258 (5.10.x)
  • 5.15.209 (5.15.x)
  • 6.1.175 (6.1.x)
  • 6.6.136 (6.6.x)
  • 6.12.84 (6.12.x)
  • 6.18.25 (6.18.x)
  • 7.0.2 (7.0.x)
  • 7.1-rc1
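
The per-branch ranges above can be turned into a triage check for a fleet inventory. The following is an added example, not part of the original advisory or the kernel project: the function name triage and its result strings are hypothetical, and it assumes upstream stable version numbering (vendor kernels that backport fixes without changing the upstream version need the vendor's own advisory instead).

```python
import re

# (major, minor) -> (first affected patch level, first fixed patch level or None),
# transcribed from the "Affected from" / "Fixed in" lists on this page.
BRANCHES = {
    (4, 19): (325, None), (5, 4): (287, None), (6, 11): (11, None),
    (5, 10): (231, 258), (5, 15): (174, 209), (6, 1): (120, 175),
    (6, 6): (64, 136), (6, 12): (2, 84),
    (6, 18): (0, 25), (7, 0): (0, 2),
}

def triage(release):
    """Classify an upstream kernel release string such as the output of `uname -r`."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    if branch >= (7, 1):          # assumption: everything from 7.1-rc1 on has the fix
        return "fixed"
    if branch in BRANCHES:
        first_affected, first_fixed = BRANCHES[branch]
    elif branch >= (6, 13):       # "6.13 and later"; no fixed release listed for 6.13-6.17
        first_affected, first_fixed = 0, None
    else:
        return "not listed"       # branch does not appear in this page's data
    if patch < first_affected:
        return "not affected"     # older than the first affected release of its branch
    if first_fixed is not None and patch >= first_fixed:
        return "fixed"
    return "affected"

if __name__ == "__main__":
    import platform
    print(platform.release(), "->", triage(platform.release()))
```

A result of "affected" only matters on hosts where the caiaq USB audio driver is built or loadable; branches with no fixed release listed here (4.19, 5.4, 6.11, 6.13 to 6.17) stay "affected" at every patch level.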

References

The following references provide additional information about CVE-2026-31701 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2026-31701?

    CVE-2026-31701 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. It affects Linux kernel versions from 5.10.231 onward and has been patched in 5.10.258, 5.15.209, 6.1.175 and others. CVE-2026-31701 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2026-31701?

    CVE-2026-31701 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

  • Is there a patch available for CVE-2026-31701?

    Yes — CVE-2026-31701 has been patched. Fixed versions include 5.10.258, 5.15.209, 6.1.175 and others. If you are running Linux kernel 5.10.231 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2026-31701 actively exploited?

    No — CVE-2026-31701 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.