CVE-2026-31759 POC (Proof-of-Concept)

In the Linux kernel, the following vulnerability has been resolved:
usb: ulpi: fix double free in ulpi_register_interface() error path
When device_register() fails, ulpi_register() calls put_device() on
ulpi->dev.
The device release callback ulpi_dev_release() drops the OF node
reference and frees ulpi, but the current error path in
ulpi_register_interface() then calls kfree(ulpi) again, causing a
double free.
Let put_device() handle the cleanup through ulpi_dev_release() and
avoid freeing ulpi again in ulpi_register_interface().

Published: 2026-05-01

CVSS: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Download CVE-2026-31759 POC (Proof-of-Concept) here:

http://zeroday6mns52t72y3rsle7f72wca5uwn2xzktdysf72flozx7sv4mqd.onion/exploit-for-cve-2026-31759.779/

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

https://hokyo.gr/poc-346-cve-2026-42437/

https://hokyo.gr/poc-673-cve-2026-42216/