CVE-2026-31687

Source
https://cve.org/CVERecord?id=CVE-2026-31687
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31687.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-31687
Downstream
Published
2026-04-27T17:32:37.227Z
Modified
2026-05-18T05:59:54.630402711Z
Summary
gpio: omap: do not register driver in probe()
Details

In the Linux kernel, the following vulnerability has been resolved:

gpio: omap: do not register driver in probe()

Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omapmpuiodriver from omapmpuioinit(), which is called from omapgpioprobe().

However, it neither makes sense to register drivers from probe() callbacks of other drivers, nor does the driver core allow registering drivers with a device lock already being held.

The latter was revealed by commit dc23806a7c47 ("driver core: enforce devicelock for drivermatch_device()") leading to a potential deadlock condition described in [1].

Additionally, the omapmpuiodriver is never unregistered from the driver core, even if the module is unloaded.

Hence, register the omapmpuiodriver from the module initcall and unregister it in module_exit().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31687.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
11a78b7944963a8b052be46108d07a3ced9e2762
Fixed
57bcd3feffa79544c73a1a1872472389a391cc79
Fixed
86588916e1887a5edb8a9161cd7ae81e47a7ed25
Fixed
a29215961d833f4de33a09c3964d31ebc6083033
Fixed
1c04c3a4de8d4bcb9202f94c44f26c57c2572308
Fixed
2211d77892913804d16c28c7415b82804ab1e54c
Fixed
32f08c3ddd6dda6cbb6c9d715de10f21dccde50f
Fixed
730e5ebff40c852e3ea57b71bf02a4b89c69435f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
adc1796eced46b48e23ec200a219d635f33a38ee
Fixed
673dafb9a86349a12a93151fd467625614dc7e12
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cd0e0a76e40c2e77bcfc88291d00dca22b00158e
Fixed
a7fa9460b86f810913b6779461d0448e7c11214c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8d76b2488eb3cc0717ab81b60622cff4a5f90f79
Fixed
53a76425e0764421ba93bb9045d2e454667d5687
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bc82e5f4d7dc8237ae8cabc73aa46fc93c85d98c
Fixed
03db4dc9ad6eb91e640b517e00373ce877682854

Affected versions

v6.*
v6.12.72
v6.18.11
v6.19.1
v6.6.125

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31687.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.22
Fixed
5.10.251
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.201
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.164
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.125
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.6.126
Fixed
6.12.72
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.12.73
Fixed
6.18.11
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.18.12
Fixed
6.19.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31687.json"