{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31651", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.128Z", "datePublished": "2026-04-24T14:45:03.905Z", "dateUpdated": "2026-05-11T22:12:56.346Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:12:56.346Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: vub300: fix NULL-deref on disconnect\n\nMake sure to deregister the controller before dropping the reference to\nthe driver data on disconnect to avoid NULL-pointer dereferences or\nuse-after-free."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/host/vub300.c"], "versions": [{"version": "88095e7b473a3d9ec3b9c60429576e9cbd327c89", "lessThan": "6446516e626ce7c44bdadbcbb3d7677a2c52ce93", "status": "affected", "versionType": "git"}, {"version": "88095e7b473a3d9ec3b9c60429576e9cbd327c89", "lessThan": "ba3b9429de94958dc0060d9816a915dd75c34919", "status": "affected", "versionType": "git"}, {"version": "88095e7b473a3d9ec3b9c60429576e9cbd327c89", "lessThan": "517b58e1d067115f80d198feee10192da4c424d0", "status": "affected", "versionType": "git"}, {"version": "88095e7b473a3d9ec3b9c60429576e9cbd327c89", "lessThan": "6468cab1173f44f7a4b7a05ce8abfdfd1ce1557a", "status": "affected", "versionType": "git"}, {"version": "88095e7b473a3d9ec3b9c60429576e9cbd327c89", "lessThan": "53f2642d77ab5f1f303388bff5500363c6cf962c", "status": "affected", "versionType": "git"}, {"version": "88095e7b473a3d9ec3b9c60429576e9cbd327c89", "lessThan": "c83a282615d8f7ba28cebddd54600b419d562d82", "status": "affected", "versionType": "git"}, {"version": "88095e7b473a3d9ec3b9c60429576e9cbd327c89", "lessThan": "8d09e75759cb2afc0732acfb5a14a93c03805a61", "status": "affected", "versionType": "git"}, {"version": "88095e7b473a3d9ec3b9c60429576e9cbd327c89", "lessThan": "dff34ef879c5e73298443956a8b391311ba78d57", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/host/vub300.c"], "versions": [{"version": "3.0", "status": "affected"}, {"version": "0", "lessThan": "3.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.169", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.135", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.82", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.23", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.13", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.1.169"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.6.135"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.12.82"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.18.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.19.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6446516e626ce7c44bdadbcbb3d7677a2c52ce93"}, {"url": "https://git.kernel.org/stable/c/ba3b9429de94958dc0060d9816a915dd75c34919"}, {"url": "https://git.kernel.org/stable/c/517b58e1d067115f80d198feee10192da4c424d0"}, {"url": "https://git.kernel.org/stable/c/6468cab1173f44f7a4b7a05ce8abfdfd1ce1557a"}, {"url": "https://git.kernel.org/stable/c/53f2642d77ab5f1f303388bff5500363c6cf962c"}, {"url": "https://git.kernel.org/stable/c/c83a282615d8f7ba28cebddd54600b419d562d82"}, {"url": "https://git.kernel.org/stable/c/8d09e75759cb2afc0732acfb5a14a93c03805a61"}, {"url": "https://git.kernel.org/stable/c/dff34ef879c5e73298443956a8b391311ba78d57"}], "title": "mmc: vub300: fix NULL-deref on disconnect", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9DAAC1B-DEB7-46CC-B206-48044C143468", "versionEndExcluding": "5.10.253", "versionStartIncluding": "3.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20DDB3E9-AABF-4107-ADB0-5362AA067045", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBEC0E5D-641C-4E98-A6D9-5799B10CE451", "versionEndExcluding": "6.1.169", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15C1A1B2-14EE-494C-AF3E-D5A7BA640B39", "versionEndExcluding": "6.6.135", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "02904CAE-71D2-45B3-9EC3-F6A9D18B6307", "versionEndExcluding": "6.12.82", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9E09FDD-9EE3-4A56-92E2-2B30AFD0072F", "versionEndExcluding": "6.18.23", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1490EF9B-9080-481C-8D22-1306AAE664E4", "versionEndExcluding": "6.19.13", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:-:*:*:*:*:*:*", "matchCriteriaId": "2E4912EC-CC92-41CA-A2DA-027291975A84", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: vub300: fix NULL-deref on disconnect\n\nMake sure to deregister the controller before dropping the reference to\nthe driver data on disconnect to avoid NULL-pointer dereferences or\nuse-after-free."}], "id": "CVE-2026-31651", "lastModified": "2026-04-27T20:14:45.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T15:16:44.573", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/517b58e1d067115f80d198feee10192da4c424d0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/53f2642d77ab5f1f303388bff5500363c6cf962c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6446516e626ce7c44bdadbcbb3d7677a2c52ce93"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6468cab1173f44f7a4b7a05ce8abfdfd1ce1557a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8d09e75759cb2afc0732acfb5a14a93c03805a61"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ba3b9429de94958dc0060d9816a915dd75c34919"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c83a282615d8f7ba28cebddd54600b419d562d82"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dff34ef879c5e73298443956a8b391311ba78d57"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: mmc: vub300: fix NULL-deref on disconnect", "id": "2461543", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461543"}, "csaw": false, "cwe": "CWE-476", "details": ["A flaw was found in the Linux kernel's mmc: vub300 driver. This vulnerability allows a local attacker to trigger a NULL-pointer dereference or use-after-free condition during device disconnection. Successful exploitation could lead to a system crash, resulting in a denial of service."], "name": "CVE-2026-31651", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31651\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31651\nhttps://lore.kernel.org/linux-cve-announce/2026042400-CVE-2026-31651-6fe7@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88095e7b473a3d9ec3b9c60429576e9cbd327c89,6446516e626ce7c44bdadbcbb3d7677a2c52ce93)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88095e7b473a3d9ec3b9c60429576e9cbd327c89,ba3b9429de94958dc0060d9816a915dd75c34919)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88095e7b473a3d9ec3b9c60429576e9cbd327c89,53f2642d77ab5f1f303388bff5500363c6cf962c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88095e7b473a3d9ec3b9c60429576e9cbd327c89,6468cab1173f44f7a4b7a05ce8abfdfd1ce1557a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88095e7b473a3d9ec3b9c60429576e9cbd327c89,53f2642d77ab5f1f303388bff5500363c6cf962c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88095e7b473a3d9ec3b9c60429576e9cbd327c89,c83a282615d8f7ba28cebddd54600b419d562d82)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88095e7b473a3d9ec3b9c60429576e9cbd327c89,8d09e75759cb2afc0732acfb5a14a93c03805a61)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88095e7b473a3d9ec3b9c60429576e9cbd327c89,dff34ef879c5e73298443956a8b391311ba78d57)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,3.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.253,5.11.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.203,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.169,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.135,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.82,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.23,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.13,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T20:04:09.571655+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a release that incorporates the vub300 NULL\u2011dereference fix.", "Ensure that any MMC drivers in use deregister controllers before decrementing reference counts during a disconnect.", "Disable or remove unused or legacy MMC controllers if they are not required for operation."], "summary": {"action": "Apply patch", "impact": "Kernel crash and use\u2011after\u2011free leading to instability"}, "threat_synthesis": {"affected_systems": "Affected systems are all Linux kernel versions that contain the vulnerable vub300 MMC driver before the patch was applied. The vulnerability is not tied to a specific kernel release but applies to any kernel in which the driver has not been updated to perform controller deregistration before releasing the reference on disconnect.", "description_and_impact": "The Linux kernel\u2019s MMC driver vub300 contains a NULL\u2011pointer dereference when the controller disconnects.\nIf a controller is not deregistered before the driver data reference count is decremented, a NULL dereference or use\u2011after\u2011free can occur.\nThis flaw can crash the kernel or provide denial of service; it may be exploitable by an attacker who can trigger a disconnect event, which is inferred from the need to cause a controller disconnect.\nThe weakness is a NULL pointer dereference, classified as CWE\u2011476.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% reflects a very low probability of exploitation in the wild.\nThe vulnerability is not listed in the CISA KEV catalog.\nAttackers would likely need local access to the system to trigger an MMC disconnect and exploit the flaw; this inference comes from the requirement to cause a controller disconnect.\nA successful exploit could cause a kernel panic."}}}}, "created": "2026-04-27T21:45:14.292125+00:00", "updated": "2026-04-28T20:15:26.797234+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}