Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-euxu-gjpw-8yhs
Vulnerability ID VCID-euxu-gjpw-8yhs
Aliases CVE-2026-31582
Summary In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix use-after-free on USB disconnect After powerz_disconnect() frees the URB and releases the mutex, a subsequent powerz_read() call can acquire the mutex and call powerz_read_data(), which dereferences the freed URB pointer. Fix by: - Setting priv->urb to NULL in powerz_disconnect() so that powerz_read_data() can detect the disconnected state. - Adding a !priv->urb check at the start of powerz_read_data() to return -ENODEV on a disconnected device. - Moving usb_set_intfdata() before hwmon registration so the disconnect handler can always find the priv pointer.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-825 Expired Pointer Dereference
System Score Found at
epss 0.00012 https://api.first.org/data/v1/epss?cve=CVE-2026-31582
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2026-31582
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31582.json
https://api.first.org/data/v1/epss?cve=CVE-2026-31582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31582
2461538 https://bugzilla.redhat.com/show_bug.cgi?id=2461538
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.01773
EPSS Score 0.00012
Published At April 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-25T23:21:30.656518+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.4.0