{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31621", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.123Z", "datePublished": "2026-04-24T14:42:39.274Z", "dateUpdated": "2026-04-24T14:42:39.274Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-24T14:42:39.274Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnge: return after auxiliary_device_uninit() in error path\n\nWhen auxiliary_device_add() fails, the error block calls\nauxiliary_device_uninit() but does not return. The uninit drops the\nlast reference and synchronously runs bnge_aux_dev_release(), which sets\nbd->auxr_dev = NULL and frees the underlying object. The subsequent\nbd->auxr_dev->net = bd->netdev then dereferences NULL, which is not a\ngood thing to have happen when trying to clean up from an error.\n\nAdd the missing return, as the auxiliary bus documentation states is a\nrequirement (seems that LLM tools read documentation better than humans\ndo...)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/broadcom/bnge/bnge_auxr.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "38c383ec6d37f4b5597f8e6a1f5c2ab31ea01d3a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "87bc3557c708110d83086bf091328271298a44e3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/broadcom/bnge/bnge_auxr.c"], "versions": [{"version": "6.19.14", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.1", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.19.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/38c383ec6d37f4b5597f8e6a1f5c2ab31ea01d3a"}, {"url": "https://git.kernel.org/stable/c/87bc3557c708110d83086bf091328271298a44e3"}], "title": "bnge: return after auxiliary_device_uninit() in error path", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnge: return after auxiliary_device_uninit() in error path\n\nWhen auxiliary_device_add() fails, the error block calls\nauxiliary_device_uninit() but does not return. The uninit drops the\nlast reference and synchronously runs bnge_aux_dev_release(), which sets\nbd->auxr_dev = NULL and frees the underlying object. The subsequent\nbd->auxr_dev->net = bd->netdev then dereferences NULL, which is not a\ngood thing to have happen when trying to clean up from an error.\n\nAdd the missing return, as the auxiliary bus documentation states is a\nrequirement (seems that LLM tools read documentation better than humans\ndo...)"}], "id": "CVE-2026-31621", "lastModified": "2026-04-24T17:51:40.810", "metrics": {}, "published": "2026-04-24T15:16:41.380", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/38c383ec6d37f4b5597f8e6a1f5c2ab31ea01d3a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/87bc3557c708110d83086bf091328271298a44e3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{}