CVE-2026-31687
Awaiting Analysis Awaiting Analysis - Queue
Deadlock Vulnerability in Linux OMAP GPIO Driver Registration

Publication date: 2026-04-27

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omap_mpuio_driver from omap_mpuio_init(), which is called from omap_gpio_probe(). However, it neither makes sense to register drivers from probe() callbacks of other drivers, nor does the driver core allow registering drivers with a device lock already being held. The latter was revealed by commit dc23806a7c47 ("driver core: enforce device_lock for driver_match_device()") leading to a potential deadlock condition described in [1]. Additionally, the omap_mpuio_driver is never unregistered from the driver core, even if the module is unloaded. Hence, register the omap_mpuio_driver from the module initcall and unregister it in module_exit().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31687
EUVD
EUVD-2026-25884
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 5.16 (inc) to 6.1.164 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 5.11 (inc) to 5.15.201 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.125 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.72 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.11 (exc)
linux linux_kernel From 2.6.22 (inc) to 5.10.251 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's handling of the omap_mpuio_driver registration. The driver was incorrectly registered within a probe() callback of another driver, which is not appropriate and can cause issues. Specifically, registering drivers while a device lock is held can lead to a deadlock condition. Additionally, the omap_mpuio_driver was never unregistered from the driver core even when the module was unloaded, which is improper behavior.

The fix involved moving the registration of the omap_mpuio_driver from the probe() callback to the module initialization function (module initcall) and ensuring it is properly unregistered during module exit.

Impact Analysis

This vulnerability can cause a deadlock condition in the Linux kernel due to improper driver registration while holding a device lock. Deadlocks can lead to system instability, freezes, or crashes, potentially affecting system availability and reliability.

Additionally, the failure to unregister the driver when the module is unloaded can lead to resource leaks or inconsistent driver states, which may further impact system stability.

Mitigation Strategies

The vulnerability involves improper registration of the omap_mpuio_driver within the Linux kernel, which can lead to deadlock conditions and driver core issues.

To mitigate this vulnerability, ensure that the omap_mpuio_driver is registered from the module initcall rather than from probe callbacks, and that it is properly unregistered in the module_exit() function.

This means updating the kernel to include the fix that moves driver registration out of probe() and into module initialization and cleanup routines.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31687. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart