CVE-2026-31651 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

mmc: vub300: fix NULL-deref on disconnect

Make sure to deregister the controller before dropping the reference to
the driver data on disconnect to avoid NULL-pointer dereferences or
use-after-free.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`88095e7b473a3d9ec3b9c60429576e9cbd327c89`	affected	< 6446516e626ce7c44bdadbcbb3d7677a2c52ce93
`88095e7b473a3d9ec3b9c60429576e9cbd327c89`	affected	< ba3b9429de94958dc0060d9816a915dd75c34919
`88095e7b473a3d9ec3b9c60429576e9cbd327c89`	affected	< 517b58e1d067115f80d198feee10192da4c424d0
`88095e7b473a3d9ec3b9c60429576e9cbd327c89`	affected	< 6468cab1173f44f7a4b7a05ce8abfdfd1ce1557a
`88095e7b473a3d9ec3b9c60429576e9cbd327c89`	affected	< 53f2642d77ab5f1f303388bff5500363c6cf962c
`88095e7b473a3d9ec3b9c60429576e9cbd327c89`	affected	< c83a282615d8f7ba28cebddd54600b419d562d82
`88095e7b473a3d9ec3b9c60429576e9cbd327c89`	affected	< 8d09e75759cb2afc0732acfb5a14a93c03805a61
`88095e7b473a3d9ec3b9c60429576e9cbd327c89`	affected	< dff34ef879c5e73298443956a8b391311ba78d57

Linux

affected

Version	Status	Constraints
`3.0`	affected	—
`0`	unaffected	< 3.0
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.169`	unaffected	≤ 6.1.*
`6.6.135`	unaffected	≤ 6.6.*
`6.12.82`	unaffected	≤ 6.12.*
`6.18.23`	unaffected	≤ 6.18.*
`6.19.13`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/517b58e1d067115f80d198feee10192da4c424d0
https://git.kernel.org/stable/c/53f2642d77ab5f1f303388bff5500363c6cf962c
https://git.kernel.org/stable/c/6446516e626ce7c44bdadbcbb3d7677a2c52ce93
https://git.kernel.org/stable/c/6468cab1173f44f7a4b7a05ce8abfdfd1ce1557a
https://git.kernel.org/stable/c/8d09e75759cb2afc0732acfb5a14a93c03805a61
https://git.kernel.org/stable/c/ba3b9429de94958dc0060d9816a915dd75c34919
https://git.kernel.org/stable/c/c83a282615d8f7ba28cebddd54600b419d562d82
https://git.kernel.org/stable/c/dff34ef879c5e73298443956a8b391311ba78d57
https://lore.kernel.org/linux-cve-announce/2026042400-CVE-2026-31651-6fe7@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31651
https://www.cve.org/CVERecord?id=CVE-2026-31651

History

Sat, 25 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
References		https://lore.kernel.org/linux-cve-announce/2026042400-CVE-2026-31651-6fe7@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31651 https://www.cve.org/CVERecord?id=CVE-2026-31651

Fri, 24 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix NULL-deref on disconnect Make sure to deregister the controller before dropping the reference to the driver data on disconnect to avoid NULL-pointer dereferences or use-after-free.
Title		mmc: vub300: fix NULL-deref on disconnect
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/517b58e1d067115f80d198feee10192da4c424d0 https://git.kernel.org/stable/c/53f2642d77ab5f1f303388bff5500363c6cf962c https://git.kernel.org/stable/c/6446516e626ce7c44bdadbcbb3d7677a2c52ce93 https://git.kernel.org/stable/c/6468cab1173f44f7a4b7a05ce8abfdfd1ce1557a https://git.kernel.org/stable/c/8d09e75759cb2afc0732acfb5a14a93c03805a61 https://git.kernel.org/stable/c/ba3b9429de94958dc0060d9816a915dd75c34919 https://git.kernel.org/stable/c/c83a282615d8f7ba28cebddd54600b419d562d82 https://git.kernel.org/stable/c/dff34ef879c5e73298443956a8b391311ba78d57

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-24T14:45:03.905Z

Updated: 2026-04-24T14:45:03.905Z

Reserved: 2026-03-09T15:48:24.128Z

Link: CVE-2026-31651

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-24T15:16:44.573

Modified: 2026-04-24T17:51:40.810

Link: CVE-2026-31651

Redhat

Severity :

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31651 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object