CVE-2026-31604
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the structures are needed after disconnect. This driver takes a reference to the USB device during probe but does not to release it on all probe errors (e.g. when descriptor parsing fails). Drop the redundant device reference to fix the leak, reduce cargo culting, make it easier to spot drivers where an extra reference is needed, and reduce the risk of further memory leaks.
EPSS 0.02% · 3.4th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 0, 0, 0 |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
Exploit Intelligence
- https://git.kernel.org/stable/c/a4f4371d194dfa5473cc961f86194084b1b13a69 (circl)
- https://git.kernel.org/stable/c/89a9c1bc7d797120bcc290864e0cb10a440a677f (circl)
- https://git.kernel.org/stable/c/af7307e96dad00bcc2675dac650d8558a52f2c6f (circl)
- https://git.kernel.org/stable/c/25a827b7e1d5747a255bdc757f1d3e9e1e8a4e2a (circl)
- 4694.0.0.yml (github-poc)
- 4694.0.0.yml (github-poc)
- 4694.0.0.yml (github-poc)
- 4694.0.0.yml (github-poc)
- 4694.0.0.yml (github-poc)
Timeline
- Apr 24, 2026 CVE Published
- Apr 24, 2026 Security Advisory
- Apr 27, 2026 Security Advisory
- Apr 29, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/a4f4371d194dfa5473cc961f86194084b1b13a69 url
- https://git.kernel.org/stable/c/89a9c1bc7d797120bcc290864e0cb10a440a677f url
- https://git.kernel.org/stable/c/af7307e96dad00bcc2675dac650d8558a52f2c6f url
- https://git.kernel.org/stable/c/25a827b7e1d5747a255bdc757f1d3e9e1e8a4e2a url
- https://nvd.nist.gov/vuln/detail/CVE-2026-31604 advisory
- https://lists.debian.org/debian-security-announce/2026/msg00154.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00148.html advisory