SB2026042542 - Improper resource shutdown or release in Linux kernel ralink rt2x00 driver
Published: April 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper resource shutdown or release (CVE-ID: CVE-2026-31672)
CWE-ID: CWE-404 - Improper Resource Shutdown or Release
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource shutdown or release in the rt2x00usb USB driver when unbinding the driver from a USB interface without physically disconnecting the device. A local user can trigger driver unbind conditions to cause a denial of service.
This can occur during probe deferral or configuration changes.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/15b233e33b35b927bd8d0044c15325564ea1ba24
- https://git.kernel.org/stable/c/1de5c76bf40e9cdeebf54662f63011fb10fa452f
- https://git.kernel.org/stable/c/25369b22223d1c56e42a0cd4ac9137349d5a898e
- https://git.kernel.org/stable/c/64a457f6afbf15f984d95201a9a1e71eed3f9dd1
- https://git.kernel.org/stable/c/65518a6965d527c53013947031f26754f6a4f6af
- https://git.kernel.org/stable/c/b245db719bc7e57abf48bd5701662b270c3880f7
- https://git.kernel.org/stable/c/c99f198841b41735796e2ddfcd573783fb552eb9
- https://git.kernel.org/stable/c/e360d15fcb1e819eef49e3d4434d8050542eed16