VYPR
High severity7.8NVD Advisory· Published May 1, 2026· Updated May 8, 2026

CVE-2026-31759

CVE-2026-31759

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: ulpi: fix double free in ulpi_register_interface() error path

When device_register() fails, ulpi_register() calls put_device() on ulpi->dev.

The device release callback ulpi_dev_release() drops the OF node reference and frees ulpi, but the current error path in ulpi_register_interface() then calls kfree(ulpi) again, causing a double free.

Let put_device() handle the cleanup through ulpi_dev_release() and avoid freeing ulpi again in ulpi_register_interface().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

15

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.