CVE-2026-31741

Source
https://cve.org/CVERecord?id=CVE-2026-31741
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31741.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-31741
Downstream
Published
2026-05-01T14:14:36.845Z
Modified
2026-06-18T03:56:32.066748453Z
Summary
counter: rz-mtu3-cnt: prevent counter from being toggled multiple times
Details

In the Linux kernel, the following vulnerability has been resolved:

counter: rz-mtu3-cnt: prevent counter from being toggled multiple times

Runtime PM counter is incremented / decremented each time the sysfs enable file is written to.

If user writes 0 to the sysfs enable file multiple times, runtime PM usage count underflows, generating the following message.

rz-mtu3-counter rz-mtu3-counter.0: Runtime PM usage count underflow!

At the same time, hardware registers end up being accessed with clocks off in rz_mtu3_terminate_counter() to disable an already disabled channel.

If user writes 1 to the sysfs enable file multiple times, runtime PM usage count will be incremented each time, requiring the same number of 0 writes to get it back to 0.

If user writes 0 to the sysfs enable file while PWM is in progress, PWM is stopped without counter being the owner of the underlying MTU3 channel.

Check against the cached count_is_enabled value and exit if the user is trying to set the same enable value.
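
The usage-count imbalance and the cached-state guard described above, as an added userspace model (not the driver's code and not part of the original record). `chan_model`, `pm_usage`, `touch_regs` and the two write handlers are hypothetical names; the write sequences are constructed, and the PWM ownership case is not modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of one counter channel (constructed; not the driver's code). */
struct chan_model {
    int  pm_usage;          /* stands in for the runtime PM usage count */
    bool count_is_enabled;  /* cached enable state the fix checks against */
    int  underflows;        /* puts attempted while pm_usage was already 0 */
    int  unclocked_access;  /* register accesses made while pm_usage was 0 */
};

static void touch_regs(struct chan_model *c) { if (c->pm_usage == 0) c->unclocked_access++; }
static void pm_get(struct chan_model *c) { c->pm_usage++; }
static void pm_put(struct chan_model *c) { if (c->pm_usage) c->pm_usage--; else c->underflows++; }
/* Before the fix: every write to the enable file moves the usage count. */
static void enable_write_unguarded(struct chan_model *c, bool enable)
{
    if (enable) { pm_get(c); touch_regs(c); }   /* take reference, then start channel */
    else        { touch_regs(c); pm_put(c); }   /* stop channel, then drop reference */
    c->count_is_enabled = enable;
}

/* After the fix: a write that repeats the cached state exits early. */
static void enable_write_guarded(struct chan_model *c, bool enable)
{
    if (c->count_is_enabled == enable) return;
    enable_write_unguarded(c, enable);
}

typedef void (*write_fn)(struct chan_model *, bool);
static const bool OFF_TWICE[] = { true, false, false };  /* constructed: 1, 0, 0 */
static const bool ON_TWICE[]  = { true, true, false };   /* constructed: 1, 1, 0 */
/* Replay a sequence of enable-file writes against a fresh channel. */
static struct chan_model replay(write_fn w, const bool *seq, int n)
{
    struct chan_model c = { 0 };
    for (int i = 0; i < n; i++) w(&c, seq[i]);
    return c;
}

int main(void)
{
    write_fn fns[] = { enable_write_unguarded, enable_write_guarded };
    for (int i = 0; i < 2; i++) {
        struct chan_model off = replay(fns[i], OFF_TWICE, 3), on = replay(fns[i], ON_TWICE, 3);
        printf("%s: underflows=%d unclocked=%d usage_left=%d\n", i ? "guarded" : "unguarded",
               off.underflows, off.unclocked_access, on.pm_usage);
    }
    return 0;
}
```

In the unguarded run, the 1, 0, 0 sequence produces one underflow and one register access without a held reference, and the 1, 1, 0 sequence leaves a reference held; the guarded run ends balanced in both cases.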

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31741.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0be8907359df4c62319f5cb2c6981ff0d9ebf35a
Fixed
885aa739a07ab45e90dfa997205acec97979ce4e
Fixed
ced8b48420eddb1251f93c22dc23fa136490b3cd
Fixed
e07237df8538b0ae98dce112e4f6db093d767f80
Fixed
f5f6f06d7e6d262026578b59ba7426eb04acce5d
Fixed
67c3f99bed6f422ba343d2b70a2eeeccdfd91bef

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31741.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.134
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.81
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.22
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.12

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31741.json"