Improper resource shutdown or release in Linux kernel - CVE-2026-31672
Published: April 25, 2026
Vulnerability identifier: #VU127724
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31672
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource shutdown or release in the rt2x00usb USB driver when unbinding the driver from a USB interface without physically disconnecting the device. A local user can trigger driver unbind conditions to cause a denial of service.
This can occur during probe deferral or configuration changes.
How to mitigate CVE-2026-31672
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/15b233e33b35b927bd8d0044c15325564ea1ba24
- https://git.kernel.org/stable/c/1de5c76bf40e9cdeebf54662f63011fb10fa452f
- https://git.kernel.org/stable/c/25369b22223d1c56e42a0cd4ac9137349d5a898e
- https://git.kernel.org/stable/c/64a457f6afbf15f984d95201a9a1e71eed3f9dd1
- https://git.kernel.org/stable/c/65518a6965d527c53013947031f26754f6a4f6af
- https://git.kernel.org/stable/c/b245db719bc7e57abf48bd5701662b270c3880f7
- https://git.kernel.org/stable/c/c99f198841b41735796e2ddfcd573783fb552eb9
- https://git.kernel.org/stable/c/e360d15fcb1e819eef49e3d4434d8050542eed16