Bug 2461531 (CVE-2026-31621) - CVE-2026-31621 kernel: bnge: return after auxiliary_device_uninit() in error path
Summary: CVE-2026-31621 kernel: bnge: return after auxiliary_device_uninit() in error ...
Keywords:
Status: NEW
Alias: CVE-2026-31621
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-24 15:06 UTC by OSIDB Bzimport
Modified: 2026-04-24 20:20 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-04-24 15:06:55 UTC
In the Linux kernel, the following vulnerability has been resolved:

bnge: return after auxiliary_device_uninit() in error path

When auxiliary_device_add() fails, the error block calls
auxiliary_device_uninit() but does not return.  The uninit drops the
last reference and synchronously runs bnge_aux_dev_release(), which sets
bd->auxr_dev = NULL and frees the underlying object.  The subsequent
bd->auxr_dev->net = bd->netdev then dereferences NULL, which is not a
good thing to have happen when trying to clean up from an error.

Add the missing return, as the auxiliary bus documentation states is a
requirement (seems that LLM tools read documentation better than humans
do...)


Note You need to log in before you can comment on or make changes to this bug.