CVE-2026-31604
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: fix device leak on probe failure
Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the structures are needed after disconnect.
This driver takes a reference to the USB device during probe but does not release it on all probe errors (e.g. when descriptor parsing fails).
Drop the redundant device reference to fix the leak, reduce cargo culting, make it easier to spot drivers where an extra reference is needed, and reduce the risk of further memory leaks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's rtw88 driver, a USB device reference leak occurs on probe failure, potentially leading to memory exhaustion.
Vulnerability
CVE-2026-31604 is a memory leak vulnerability in the rtw88 wireless driver in the Linux kernel. During probe, the driver takes an extra reference to the USB device via usb_get_dev(), but fails to release it on all error paths (e.g., when descriptor parsing fails). This results in a persistent device reference that prevents proper cleanup.
Exploitation
The vulnerability is triggered by inserting a Realtek USB WiFi adapter that is compatible with the rtw88 driver, but whose probe fails due to malformed descriptors or other issues. No special privileges are required; physical access or the ability to connect a USB device is sufficient. The attack surface is limited to systems with the rtw88 driver loaded.
Impact
An attacker who can repeatedly trigger probe failures could exhaust kernel memory, leading to denial of service. The CVSS score is 5.5 (Medium) with low attack complexity and no user interaction required, but availability impact is limited.
Mitigation
The fix drops the redundant usb_get_dev() call, as the driver core already holds a reference while the driver is bound. The patch was applied to the stable kernel trees in April 2026 [1]. Users should update to a kernel containing the commit to resolve the leak.
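The reference-count pattern described above, as an added userspace model in C. It is not the rtw88 driver's code or the kernel patch: `struct model_dev`, `model_get_dev()`, `model_put_dev()` and both probe functions are hypothetical stand-ins, and the driver-core behaviour is simplified to one get before probe and one put after a failed probe.

```c
#include <stdio.h>

/* Hypothetical stand-in for struct usb_device: only the reference count. */
struct model_dev { int refcount; };

static struct model_dev *model_get_dev(struct model_dev *d) { d->refcount++; return d; }
static void model_put_dev(struct model_dev *d) { d->refcount--; }

/* Constructed failure: descriptor parsing fails when parse_ok == 0. */
static int model_parse_descriptors(int parse_ok) { return parse_ok ? 0 : -22; /* -EINVAL */ }

/* Before: probe takes an extra reference and forgets it on the error path. */
static int probe_leaky(struct model_dev *udev, int parse_ok)
{
    int ret;

    model_get_dev(udev);                 /* redundant extra reference */
    ret = model_parse_descriptors(parse_ok);
    if (ret)
        return ret;                      /* leak: no matching put */
    return 0;
}

/* After: no extra reference; the core's reference covers the bound lifetime. */
static int probe_fixed(struct model_dev *udev, int parse_ok)
{
    return model_parse_descriptors(parse_ok);
}

/* Simplified driver core: holds a reference around probe and drops it when
 * probe fails. Returns the count left after `attempts` failing probes;
 * the baseline is 1 (the device's own reference). */
static int refs_after_failed_probes(int (*probe)(struct model_dev *, int), int attempts)
{
    struct model_dev dev = { .refcount = 1 };

    for (int i = 0; i < attempts; i++) {
        model_get_dev(&dev);
        if (probe(&dev, 0) != 0)
            model_put_dev(&dev);
    }
    return dev.refcount;
}

int main(void)
{
    printf("leaky: %d refs left\n", refs_after_failed_probes(probe_leaky, 5));
    printf("fixed: %d refs left\n", refs_after_failed_probes(probe_fixed, 5));
    return 0;
}
```

In the leaky variant the count grows by one per failed probe and never returns to the baseline, so the modelled device could never be freed; the fixed variant returns to 1 every time.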
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0. No patches discovered yet.
References (6)
- git.kernel.org/stable/c/25a827b7e1d5747a255bdc757f1d3e9e1e8a4e2a (nvd, Patch)
- git.kernel.org/stable/c/89a9c1bc7d797120bcc290864e0cb10a440a677f (nvd, Patch)
- git.kernel.org/stable/c/a4f4371d194dfa5473cc961f86194084b1b13a69 (nvd, Patch)
- git.kernel.org/stable/c/af7307e96dad00bcc2675dac650d8558a52f2c6f (nvd, Patch)
- git.kernel.org/stable/c/bbb15e71156cd9f5e1869eee7207a06ea8e96c39 (nvd, Patch)
- git.kernel.org/stable/c/f632987306bce9242cdfcf911ee0b2c9455e05a3 (nvd, Patch)