{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31506", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.105Z", "datePublished": "2026-04-22T13:54:25.219Z", "dateUpdated": "2026-05-11T22:10:06.275Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:10:06.275Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmasp: fix double free of WoL irq\n\nWe do not need to free wol_irq since it was instantiated with\ndevm_request_irq(). So devres will free for us."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/broadcom/asp2/bcmasp.c"], "versions": [{"version": "a2f0751206b03374f6d02f89c18a60f1bb238fea", "lessThan": "121a6ad9cd42ba3bfc57deae93e3326515c2afe1", "status": "affected", "versionType": "git"}, {"version": "a2f0751206b03374f6d02f89c18a60f1bb238fea", "lessThan": "9e5f5c07cc7d66522f8c9676c28605eba5d4a20e", "status": "affected", "versionType": "git"}, {"version": "a2f0751206b03374f6d02f89c18a60f1bb238fea", "lessThan": "8a30509ce6a29bdf18e0802383c524a7b2357ec0", "status": "affected", "versionType": "git"}, {"version": "a2f0751206b03374f6d02f89c18a60f1bb238fea", "lessThan": "cbfa5be2bf64511d49b854a0f9fd6d0b5118621f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/broadcom/asp2/bcmasp.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/121a6ad9cd42ba3bfc57deae93e3326515c2afe1"}, {"url": "https://git.kernel.org/stable/c/9e5f5c07cc7d66522f8c9676c28605eba5d4a20e"}, {"url": "https://git.kernel.org/stable/c/8a30509ce6a29bdf18e0802383c524a7b2357ec0"}, {"url": "https://git.kernel.org/stable/c/cbfa5be2bf64511d49b854a0f9fd6d0b5118621f"}], "title": "net: bcmasp: fix double free of WoL irq", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "335C19E6-705A-477D-9011-580DF15CBF75", "versionEndExcluding": "6.12.80", "versionStartIncluding": "6.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED39847A-3B46-4729-B7CA-B2C30B9FA8FE", "versionEndExcluding": "6.18.21", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA2E747-A9EC-4518-9AA2-B4247FC748B7", "versionEndExcluding": "6.19.11", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:-:*:*:*:*:*:*", "matchCriteriaId": "E346B162-D566-4E62-ABDE-ECBFB21B8BFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmasp: fix double free of WoL irq\n\nWe do not need to free wol_irq since it was instantiated with\ndevm_request_irq(). So devres will free for us."}], "id": "CVE-2026-31506", "lastModified": "2026-04-28T15:05:54.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T14:16:49.397", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/121a6ad9cd42ba3bfc57deae93e3326515c2afe1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8a30509ce6a29bdf18e0802383c524a7b2357ec0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e5f5c07cc7d66522f8c9676c28605eba5d4a20e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cbfa5be2bf64511d49b854a0f9fd6d0b5118621f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: bcmasp: fix double free of WoL irq", "id": "2460711", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460711"}, "csaw": false, "cwe": "CWE-1341", "details": ["A flaw was found in the Linux kernel's bcmasp component. This vulnerability involves a double free error in the handling of the Wake-on-LAN (WoL) interrupt request (irq). An attacker could potentially exploit this to cause memory corruption, leading to a denial of service (DoS) or, in more severe cases, arbitrary code execution."], "name": "CVE-2026-31506", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31506\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31506\nhttps://lore.kernel.org/linux-cve-announce/2026042207-CVE-2026-31506-31d7@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[a2f0751206b03374f6d02f89c18a60f1bb238fea,121a6ad9cd42ba3bfc57deae93e3326515c2afe1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[a2f0751206b03374f6d02f89c18a60f1bb238fea,9e5f5c07cc7d66522f8c9676c28605eba5d4a20e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[a2f0751206b03374f6d02f89c18a60f1bb238fea,8a30509ce6a29bdf18e0802383c524a7b2357ec0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[a2f0751206b03374f6d02f89c18a60f1bb238fea,cbfa5be2bf64511d49b854a0f9fd6d0b5118621f)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.6"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.6)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.12.80,6.12.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.21,6.18.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19.11,6.19.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-29T03:50:52.071473+00:00", "value": {"mitigation_remediation": ["Apply the kernel patch that removes the double\u2011free error, directly fixing the CWE\u2011415 weakness.", "If updating the kernel is not possible, disable Wake\u2011on\u2011LAN for the affected NIC devices to avoid executing the buggy code that could trigger a double\u2011free (CWE\u2011415).", "If the bcmasp driver is not required in your environment, unload or blacklist the driver to prevent the double free from being exercised."], "summary": {"action": "Apply Patch", "impact": "Potential Denial of Service, inferred from the double\u2011free bug"}, "threat_synthesis": {"affected_systems": "Linux kernel installations that include the bcmasp driver may be vulnerable. No specific kernel version range is listed, but any kernel containing the bcmasp driver before the commit 121a6ad9cd42ba3bfc57deae93e3326515c2afe1 could be impacted.", "description_and_impact": "The Linux kernel bcmasp driver had a double\u2011free bug involving the WoL IRQ resource. Because the IRQ was allocated with devm_request_irq, the device resource manager would automatically free it, making the manual free call redundant. The double free corresponds to CWE\u2011415 (Double Free). Removing the erroneous free prevents this undefined behavior, thereby addressing the core weakness in the driver.", "risk_and_exploitability": "The EPSS score is <1%, and the issue is not listed in the CISA KEV catalog. Based on the description, the CVSS score of 7.8 indicates that a double free could potentially lead to kernel crashes or memory corruption. It is inferred that exploitation would likely require manipulating the bcmasp driver's WoL functionality, implying local access to the affected machine."}}}}, "created": "2026-04-22T18:15:15.251044+00:00", "updated": "2026-04-29T04:00:13.094548+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}