Is CVE-2026-31604 actively exploited?

CVE-2026-31604 has no public evidence of in-the-wild exploitation as of 2026-04-29.

What is the CVSS score for CVE-2026-31604?

CVE-2026-31604 has a CVSS score of 5.5 (MEDIUM severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2026-31604?

Patch guidance is available from linux security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-31604.

CVE-2026-31604 - remediation guidance & executive summary

Q: Which products are affected by CVE-2026-31604?

5 products: linux linux kernel, linux linux kernel, linux linux kernel, linux linux kernel, linux linux kernel.

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while the interface is bound to a driver and there is no need to take additional references unless the structures are needed after disconnect. This driver takes a reference to the USB device during probe but does not to release it on all probe errors (e.g. when descriptor parsing fails). Drop the redundant device reference to fix the leak, reduce cargo culting, make it easier to spot drivers where an extra reference is needed, and reduce the risk of further memory leaks.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-401

Metadata

Primary Vendor: LINUX
Published: 4/24/2026
Last Modified: 4/29/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

linux : linux_kernellinux : linux_kernellinux : linux_kernellinux : linux_kernellinux : linux_kernel

Remediation Guidance

Executive Summary

View on NIST NVD