Cyber Resilience

CVE-2026-31582

High

Published: 24 April 2026

Modified: 27 April 2026
KEV Added: none (not listed in the CISA KEV catalog)
Patch: available (kernel stable commits)
CVSS v3.1 score: 7.8 (vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0001 (3.4th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-31582 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel (vendor: Linux). Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 3.4th percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2026-31582 is a use-after-free vulnerability in the Linux kernel's hwmon subsystem, specifically the powerz driver for USB power monitoring devices. The issue occurs when powerz_disconnect() frees the URB (USB Request Block) and releases the mutex, allowing a subsequent powerz_read() call to acquire the mutex and invoke powerz_read_data(), which dereferences the already-freed URB pointer. This flaw, classified under CWE-416, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability by triggering a USB disconnect event on a powerz device while concurrently attempting read operations. Successful exploitation could lead to arbitrary code execution, data corruption, or kernel crashes, as the use-after-free allows manipulation of freed memory, potentially granting high confidentiality, integrity, and availability impacts.

The provided kernel patch commits detail the mitigation steps: setting priv->urb to NULL in powerz_disconnect() to indicate disconnection, adding a !priv->urb check at the start of powerz_read_data() to return -ENODEV for disconnected devices, and relocating usb_set_intfdata() before hwmon registration to ensure the disconnect handler can reliably access the priv pointer. Security practitioners should apply the relevant stable kernel updates from the referenced git commits to affected systems.


Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix use-after-free on USB disconnect. After powerz_disconnect() frees the URB and releases the mutex, a subsequent powerz_read() call can acquire the mutex and call powerz_read_data(), which dereferences the freed URB pointer. Fix by:

- Setting priv->urb to NULL in powerz_disconnect() so that powerz_read_data() can detect the disconnected state.
- Adding a !priv->urb check at the start of powerz_read_data() to return -ENODEV on a disconnected device.
- Moving usb_set_intfdata() before hwmon registration so the disconnect handler can always find the priv pointer.
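The race described in the Deeper analysis and in the Vulnerability details above, modelled in user-space C as an added example (this is not the powerz driver's code and not the kernel patch; it is written here to show the shape of the fix). The model_urb, model_interface, model_set_intfdata(), model_get_intfdata() and model_submit_urb() names are stand-ins for the kernel's URB, USB interface, usb_set_intfdata(), usb_get_intfdata() and URB submission; a pthread mutex stands in for priv->mutex; the 5000 mV / 1200 mA readings are constructed values. The three parts of the fix are marked in comments: the URB pointer is nulled under the mutex in powerz_disconnect(), powerz_read_data() starts with a !priv->urb check returning -ENODEV, and probe attaches priv to the interface before the (elided) sensor registration.

```c
#include <errno.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the kernel URB: the buffer a completed transfer fills. Constructed for this example. */
struct model_urb {
    uint32_t voltage_mv;
    uint32_t current_ma;
};

/* Stand-in for the driver's per-device private data (the kernel's priv).
 * In the driver priv is device-managed and outlives the disconnect; the model keeps
 * it alive until model_teardown() so a racing reader can still take the mutex. */
struct powerz_priv {
    pthread_mutex_t mutex;   /* serialises powerz_read() against powerz_disconnect() */
    struct model_urb *urb;   /* NULL once the device is gone */
};

/* Stand-in for the USB interface and usb_set_intfdata()/usb_get_intfdata(). */
struct model_interface {
    void *drvdata;
};

static void model_set_intfdata(struct model_interface *intf, void *data) { intf->drvdata = data; }
static void *model_get_intfdata(struct model_interface *intf) { return intf->drvdata; }

/* Simulated transfer: fills the URB as if the device had answered (constructed values). */
static int model_submit_urb(struct model_urb *urb)
{
    urb->voltage_mv = 5000;
    urb->current_ma = 1200;
    return 0;
}

/* Hardened read path. Caller holds priv->mutex, as in the driver.
 * Fix part 2: the !priv->urb check is the first thing the function does. */
static int powerz_read_data(struct powerz_priv *priv, uint32_t *voltage_mv, uint32_t *current_ma)
{
    if (!priv->urb)
        return -ENODEV;   /* disconnected: nothing to dereference */

    int ret = model_submit_urb(priv->urb);
    if (ret)
        return ret;
    *voltage_mv = priv->urb->voltage_mv;
    *current_ma = priv->urb->current_ma;
    return 0;
}

/* hwmon read callback: take the mutex, then read. */
static int powerz_read(struct powerz_priv *priv, uint32_t *voltage_mv, uint32_t *current_ma)
{
    pthread_mutex_lock(&priv->mutex);
    int ret = powerz_read_data(priv, voltage_mv, current_ma);
    pthread_mutex_unlock(&priv->mutex);
    return ret;
}

/* Probe. Fix part 3: priv is attached to the interface before registration,
 * so a disconnect arriving during registration can always find it. */
static int powerz_probe(struct model_interface *intf)
{
    struct powerz_priv *priv = calloc(1, sizeof(*priv));
    if (!priv)
        return -ENOMEM;
    priv->urb = calloc(1, sizeof(*priv->urb));
    if (!priv->urb) {
        free(priv);
        return -ENOMEM;
    }
    pthread_mutex_init(&priv->mutex, NULL);
    model_set_intfdata(intf, priv);   /* before the (elided) hwmon registration */
    return 0;
}

/* Disconnect. Fix part 1: free the URB and null the pointer while holding the mutex,
 * so a later powerz_read() observes the disconnected state rather than freed memory. */
static void powerz_disconnect(struct model_interface *intf)
{
    struct powerz_priv *priv = model_get_intfdata(intf);
    if (!priv)
        return;
    pthread_mutex_lock(&priv->mutex);
    free(priv->urb);
    priv->urb = NULL;
    pthread_mutex_unlock(&priv->mutex);
}

/* Model-only: release priv once no reader can still be using it. */
static void model_teardown(struct model_interface *intf)
{
    struct powerz_priv *priv = model_get_intfdata(intf);
    if (!priv)
        return;
    pthread_mutex_destroy(&priv->mutex);
    free(priv);
    model_set_intfdata(intf, NULL);
}

/* Read once before and once after disconnect; returns 0 and reports both results. */
int scenario_read_after_disconnect(int *before, int *after, uint32_t *mv, uint32_t *ma)
{
    struct model_interface intf = { .drvdata = NULL };
    int ret = powerz_probe(&intf);
    if (ret)
        return ret;
    *before = powerz_read(model_get_intfdata(&intf), mv, ma);   /* expect 0 */
    powerz_disconnect(&intf);
    *after = powerz_read(model_get_intfdata(&intf), mv, ma);    /* expect -ENODEV, no UAF */
    model_teardown(&intf);
    return 0;
}

int main(void)
{
    int before, after;
    uint32_t mv = 0, ma = 0;
    if (scenario_read_after_disconnect(&before, &after, &mv, &ma))
        return 1;
    printf("before disconnect: %d (%u mV, %u mA); after disconnect: %d\n", before, mv, ma, after);
    return 0;
}
```

The point of the model is the ordering under the lock: the pointer is nulled in the same critical section that frees it, and the consumer tests the pointer in the same critical section that would dereference it. Without the null assignment the post-disconnect read would reach model_submit_urb() with a dangling pointer, which is exactly the window the advisory describes.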

CWE(s)

CWE-416 Use After Free

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A local kernel use-after-free in the USB/hwmon driver directly provides an arbitrary-code-execution primitive for privilege escalation from a low-privileged user context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111 (same product: Linux kernel)
CVE-2026-31530 (same product: Linux kernel)
CVE-2026-43019 (same product: Linux kernel)
CVE-2026-23158 (same product: Linux kernel)
CVE-2025-21893 (same product: Linux kernel)
CVE-2026-31446 (same product: Linux kernel)
CVE-2026-31650 (same product: Linux kernel)
CVE-2026-23001 (same product: Linux kernel)
CVE-2024-50051 (same product: Linux kernel)
CVE-2025-21759 (same product: Linux kernel)

Affected Assets

Vendor: linux
Product: linux kernel
Affected versions: ≤ 6.12.83 · 6.13 to 6.18.24 · 6.19 to 6.19.14

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assigned)

Prevent (SI-2 Flaw Remediation)

Directly remediates the use-after-free vulnerability in the powerz driver by requiring timely application of the kernel patch that nulls the URB pointer, adds disconnect checks, and ensures proper interface data handling.

Prevent (memory protection)

Implements memory protection mechanisms such as address space layout randomization and data execution prevention to mitigate exploitation of the use-after-free dereference in powerz_read_data().

Detect (RA-5 Vulnerability Monitoring and Scanning)

Vulnerability scanning identifies systems running Linux kernel versions affected by CVE-2026-31582, enabling proactive remediation before local exploitation via USB disconnect races.

References