CVE-2026-31486
Essential information
- Published
- 22/04/2026 14:16
- Modified
- 23/04/2026 16:17
- Author
- —
- Creator
- —
- CVSS
- 7.1 HIGH (v3.1)
- CISA KEV
- No
- CWE
- CWE-667
- CVSS vector
-
—
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- LOCAL
- Attack complexity
- LOW
- Privileges required
- LOW
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- NONE
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (pmbus/core) Protect regulator operations with mutex
The regulator operations pmbus_regulator_get_voltage(),
pmbus_regulator_set_voltage(), and pmbus_regulator_list_voltage()
access PMBus registers and shared data but were not protected by
the update_lock mutex. This could lead to race conditions.
However, adding mutex protection directly to these functions causes
a deadlock because pmbus_regulator_notify() (which calls
regulator_notifier_call_chain()) is often called with the mutex
already held (e.g., from pmbus_fault_handler()). If a regulator
callback then calls one of the now-protected voltage functions,
it will attempt to acquire the same mutex.
Rework pmbus_regulator_notify() to utilize a worker function to
send notifications outside of the mutex protection. Events are
stored as atomics in a per-page bitmask and processed by the worker.
Initialize the worker and its associated data during regulator
registration, and ensure it is cancelled on device removal using
devm_add_action_or_reset().
While at it, remove the unnecessary include of linux/of.h.
NVD status
- Status
- Modified — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- nist-nvd-api
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:3.19:-:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* |
| linux / linux kernel | cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:* |