CVE-2026-31672

MEDIUM

wifi: rt2x00usb: fix devres lifetime

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00usb: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers are unbound without their devices being physically disconnected (e.g. on probe deferral or configuration changes). Fix the USB anchor lifetime so that it is released on driver unbind.

References (8)

Core 8

Core References

https://git.kernel.org/stable/c/64a457f6afbf15f984d95201a9a1e71eed3f9dd1

https://git.kernel.org/stable/c/65518a6965d527c53013947031f26754f6a4f6af

https://git.kernel.org/stable/c/15b233e33b35b927bd8d0044c15325564ea1ba24

https://git.kernel.org/stable/c/1de5c76bf40e9cdeebf54662f63011fb10fa452f

https://git.kernel.org/stable/c/b245db719bc7e57abf48bd5701662b270c3880f7

https://git.kernel.org/stable/c/e360d15fcb1e819eef49e3d4434d8050542eed16

https://git.kernel.org/stable/c/c99f198841b41735796e2ddfcd573783fb552eb9

https://git.kernel.org/stable/c/25369b22223d1c56e42a0cd4ac9137349d5a898e

Scores

CVSS v3 5.5

EPSS 0.0011

EPSS Percentile 1.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (21)

Linux/Linux < 4.7

Linux/Linux 4.7

Linux/Linux 5.10.253 - 5.10.*

Linux/Linux 5.15.203 - 5.15.*

Linux/Linux 6.1.169 - 6.1.*

Linux/Linux 6.12.82 - 6.12.*

Linux/Linux 6.18.23 - 6.18.*

Linux/Linux 6.19.13 - 6.19.*

Linux/Linux 6.6.135 - 6.6.*

Linux/Linux 7.0

... and 11 more

Published Apr 24, 2026

Tracked Since Apr 24, 2026