CVE-2026-31740

MEDIUM · CVSS 3.1: 5.5 · EPSS 2.3%
Published May 1, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member

The counter driver can use HW channels 1 and 2, while the PWM driver can use HW channels 0, 1, 2, 3, 4, 6, 7.

The dev member is assigned both by the counter driver and the PWM driver for channels 1 and 2, to their own struct device instance, overwriting the previous value.

The sub-drivers race to assign their own struct device pointer to the same struct rz_mtu3_channel's dev member.

The dev member of struct rz_mtu3_channel is used by the counter sub-driver for runtime PM.

Depending on the probe order of the counter and PWM sub-drivers, the dev member may point to the wrong struct device instance, causing the counter sub-driver to do runtime PM actions on the wrong device.

To fix this, use the parent pointer of the counter, which is assigned during probe to the correct struct device, not the struct device pointer inside the shared struct rz_mtu3_channel.
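The probe-order dependency described above can be reproduced in a small user-space model. This is an added example, not the kernel driver's code or the upstream patch: only `struct rz_mtu3_channel`, its `dev` member and the counter's `parent` pointer come from the description, and every other name (`counter_model`, `pm_get_model`, `run_model`, and so on) is a hypothetical stand-in.

```c
/* User-space model with constructed types; not the kernel driver's code. */
#include <stdio.h>

struct device { const char *name; int pm_usage; };   /* stand-in for the kernel's struct device */
struct rz_mtu3_channel { struct device *dev; };       /* one instance shared by both sub-drivers */
struct counter_model { struct device *parent; struct rz_mtu3_channel *ch; };

/* Stand-in for taking a runtime PM reference on a device. */
static void pm_get_model(struct device *dev) { dev->pm_usage++; }

static void counter_probe_model(struct counter_model *c, struct device *dev,
                                struct rz_mtu3_channel *ch)
{
    c->parent = dev;   /* private to the counter, set once at probe */
    c->ch = ch;
    ch->dev = dev;     /* shared slot: the last sub-driver to probe wins */
}

static void pwm_probe_model(struct device *dev, struct rz_mtu3_channel *ch)
{
    ch->dev = dev;     /* PWM sub-driver writes the same slot for channels 1 and 2 */
}

/* Returns the PM usage count that lands on the counter's own device.
 * pwm_last: PWM probes after the counter; fixed: use parent instead of ch->dev. */
int run_model(int pwm_last, int fixed)
{
    struct device cnt_dev = { "counter", 0 }, pwm_dev = { "pwm", 0 };
    struct rz_mtu3_channel ch1 = { 0 };
    struct counter_model cnt;

    if (pwm_last) {
        counter_probe_model(&cnt, &cnt_dev, &ch1);
        pwm_probe_model(&pwm_dev, &ch1);
    } else {
        pwm_probe_model(&pwm_dev, &ch1);
        counter_probe_model(&cnt, &cnt_dev, &ch1);
    }
    pm_get_model(fixed ? cnt.parent : cnt.ch->dev);
    return cnt_dev.pm_usage;
}

int main(void)
{
    printf("before fix, PWM probes last: %d\n", run_model(1, 0));
    printf("after fix,  PWM probes last: %d\n", run_model(1, 1));
    return 0;
}
```

A result of 0 means the PM reference was taken on the PWM device instead of the counter's own device; with the `parent` pointer the result no longer depends on probe order.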

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 10

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥6.4 – <6.6.134
linux    linux_kernel   *         ≥6.7 – <6.12.81
linux    linux_kernel   *         ≥6.13 – <6.18.22
linux    linux_kernel   *         ≥6.19 – <6.19.12
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/28a371be901ef44ee03726c2575d7d6795521fe0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2932095c114b98cbb40ccf34fc00d613cb17cead
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/633dfbf0eb2766c597c1a59dd83035c82e14791d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/63be324c795262f0e316c6fe9b329d83afa1ec93
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6562290225c197e2e193a53de2a517815288dcd1
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/28a371be901ef44ee03726c2575d7d6795521fe0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2932095c114b98cbb40ccf34fc00d613cb17cead
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/633dfbf0eb2766c597c1a59dd83035c82e14791d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/63be324c795262f0e316c6fe9b329d83afa1ec93
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6562290225c197e2e193a53de2a517815288dcd1
    Patch