CVE-2026-31604 | Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0 USB Interface memory leak

VDB-359393 · CVE-2026-31604 · GCVE-0-2026-31604 LINUX KERNEL UP TO 6.12.82/6.18.23/6.19.13/7.0.0 USB INTERFACE MEMORY LEAK HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.5 $0-$5k 1.15+ Summaryinfo A vulnerability classified as critical has been found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. Affected by this issue is some unknown functionality of the component USB Interface. The manipulation leads to memory leak. This vulnerability is listed as CVE-2026-31604. There is no available exploit. It is recommended to upgrade the affected component. Detailsinfo A vulnerability was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0 and classified as critical. This issue affects some unknown processing of the component USB Interface. The manipulation with an unknown input leads to a memory leak vulnerability. Using CWE to declare the problem leads to CWE-401. The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. Impacted is availability. The summary by CVE is: In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the structures are needed after disconnect. This driver takes a reference to the USB device during probe but does not to release it on all probe errors (e.g. when descriptor parsing fails). Drop the redundant device reference to fix the leak, reduce cargo culting, make it easier to spot drivers where an extra reference is needed, and reduce the risk of further memory leaks. The advisory is shared at git.kernel.org. The identification of this vulnerability is CVE-2026-31604 since 03/09/2026. Neither technical details nor an exploit are publicly available. Upgrading to version 6.12.83, 6.18.24, 6.19.14 or 7.0.1 eliminates this vulnerability. Applying the patch a4f4371d194dfa5473cc961f86194084b1b13a69/89a9c1bc7d797120bcc290864e0cb10a440a677f/af7307e96dad00bcc2675dac650d8558a52f2c6f/25a827b7e1d5747a255bdc757f1d3e9e1e8a4e2a is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. Productinfo Type Operating System Vendor Linux Name Kernel Version 6.12.0 6.12.1 6.12.2 6.12.3 6.12.4 6.12.5 6.12.6 6.12.7 6.12.8 6.12.9 6.12.10 6.12.11 6.12.12 6.12.13 6.12.14 6.12.15 6.12.16 6.12.17 6.12.18 6.12.19 6.12.20 6.12.21 6.12.22 6.12.23 6.12.24 6.12.25 6.12.26 6.12.27 6.12.28 6.12.29 6.12.30 6.12.31 6.12.32 6.12.33 6.12.34 6.12.35 6.12.36 6.12.37 6.12.38 6.12.39 6.12.40 6.12.41 6.12.42 6.12.43 6.12.44 6.12.45 6.12.46 6.12.47 6.12.48 6.12.49 6.12.50 6.12.51 6.12.52 6.12.53 6.12.54 6.12.55 6.12.56 6.12.57 6.12.58 6.12.59 6.12.60 6.12.61 6.12.62 6.12.63 6.12.64 6.12.65 6.12.66 6.12.67 6.12.68 6.12.69 6.12.70 6.12.71 6.12.72 6.12.73 6.12.74 6.12.75 6.12.76 6.12.77 6.12.78 6.12.79 6.12.80 6.12.81 6.12.82 6.18.0 6.18.1 6.18.2 6.18.3 6.18.4 6.18.5 6.18.6 6.18.7 6.18.8 6.18.9 6.18.10 6.18.11 6.18.12 6.18.13 6.18.14 6.18.15 6.18.16 6.18.17 6.18.18 6.18.19 6.18.20 6.18.21 6.18.22 6.18.23 6.19.0 6.19.1 6.19.2 6.19.3 6.19.4 6.19.5 6.19.6 6.19.7 6.19.8 6.19.9 6.19.10 6.19.11 6.19.12 6.19.13 7.0 License open-source Website Vendor: https://www.kernel.org/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.7 VulDB Meta Temp Score: 5.5 VulDB Base Score: 5.7 VulDB Temp Score: 5.5 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Memory leak CWE: CWE-401 / CWE-404 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: Kernel 6.12.83/6.18.24/6.19.14/7.0.1 Patch: a4f4371d194dfa5473cc961f86194084b1b13a69/89a9c1bc7d797120bcc290864e0cb10a440a677f/af7307e96dad00bcc2675dac650d8558a52f2c6f/25a827b7e1d5747a255bdc757f1d3e9e1e8a4e2a Timelineinfo 03/09/2026 CVE reserved 04/24/2026 +45 days Advisory disclosed 04/24/2026 +0 days VulDB entry created 04/24/2026 +0 days VulDB entry last update Sourcesinfo Vendor: kernel.org Advisory: git.kernel.org Status: Confirmed CVE: CVE-2026-31604 (🔒) GCVE (CVE): GCVE-0-2026-31604 GCVE (VulDB): GCVE-100-359393 Entryinfo Created: 04/24/2026 17:53 Changes: 04/24/2026 17:53 (58) Complete: 🔍 Cache ID: 99:D15:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸