VYPR
Medium severity5.5NVD Advisory· Published Apr 24, 2026· Updated Apr 28, 2026

CVE-2026-31621

CVE-2026-31621

Description

In the Linux kernel, the following vulnerability has been resolved:

bnge: return after auxiliary_device_uninit() in error path

When auxiliary_device_add() fails, the error block calls auxiliary_device_uninit() but does not return. The uninit drops the last reference and synchronously runs bnge_aux_dev_release(), which sets bd->auxr_dev = NULL and frees the underlying object. The subsequent bd->auxr_dev->net = bd->netdev then dereferences NULL, which is not a good thing to have happen when trying to clean up from an error.

Add the missing return, as the auxiliary bus documentation states is a requirement (seems that LLM tools read documentation better than humans do...)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.