Bug 2464410 (CVE-2026-31732) - CVE-2026-31732 kernel: gpio: Fix resource leaks on errors in gpiochip_add_data_with_key()
Summary: CVE-2026-31732 kernel: gpio: Fix resource leaks on errors in gpiochip_add_dat...
Keywords:
Status: NEW
Alias: CVE-2026-31732
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-01 15:05 UTC by OSIDB Bzimport
Modified: 2026-05-01 21:20 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-01 15:05:14 UTC 
In the Linux kernel, the following vulnerability has been resolved:

gpio: Fix resource leaks on errors in gpiochip_add_data_with_key()

Since commit aab5c6f20023 ("gpio: set device type for GPIO chips"),
`gdev->dev.release` is unset.  As a result, the reference count to
`gdev->dev` isn't dropped on the error handling paths.

Drop the reference on errors.

Also reorder the instructions to make the error handling simpler.
Now gpiochip_add_data_with_key() roughly looks like:

   >>> Some memory allocation.  Go to ERR ZONE 1 on errors.
   >>> device_initialize().

   gpiodev_release() takes over the responsibility for freeing the
   resources of `gdev->dev`.  The subsequent error handling paths
   shouldn't go through ERR ZONE 1 again which leads to double free.

   >>> Some initialization mainly on `gdev`.
   >>> The rest of initialization.  Go to ERR ZONE 2 on errors.
   >>> Chip registration success and exit.

   >>> ERR ZONE 2.  gpio_device_put() and exit.
   >>> ERR ZONE 1.
Comment 1 Keith Grant 2026-05-01 21:17:02 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050137-CVE-2026-31732-c3a5@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.