CVE-2026-31506
Published: 22 April 2026
Summary
CVE-2026-31506 is a high-severity Double Free (CWE-415) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-8 (System Component Inventory).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely identification, reporting, and correction of flaws like the double free in the bcmasp WoL IRQ handler through application of upstream kernel patches.
Enables proactive vulnerability scanning to identify systems running kernel versions affected by CVE-2026-31506, facilitating targeted remediation before local exploitation.
Maintains an inventory of system components including kernel versions to accurately identify and prioritize patching for the bcmasp double free vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Double-free in Linux kernel driver enables local memory corruption leading directly to privilege escalation (T1068) or endpoint DoS via system exploitation (T1499.004).
NVD Description
In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of WoL irq We do not need to free wol_irq since it was instantiated with devm_request_irq(). So devres will free for us.
Deeper analysisAI
CVE-2026-31506 is a double free vulnerability in the Linux kernel's bcmasp network driver, specifically affecting the handling of the Wake-on-LAN (WoL) IRQ. The issue arises because the wol_irq, instantiated via devm_request_irq(), is manually freed despite being managed by the device resource (devres) framework, leading to a double free condition classified under CWE-415. This flaw has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, such as kernel memory corruption, potential privilege escalation, or system denial of service.
Mitigation involves applying the upstream kernel patches referenced in the advisory, including commits such as 121a6ad9cd42ba3bfc57deae93e3326515c2afe1, 8a30509ce6a29bdf18e0802383c524a7b2357ec0, 9e5f5c07cc7d66522f8c9676c28605eba5d4a20e, and cbfa5be2bf64511d49b854a0f9fd6d0b5118621f from the Linux kernel stable repository, which correct the unnecessary manual freeing of the WoL IRQ.
Details
- CWE(s)