Skip to main content

Linux Kernel CVE-2026-31761

| EUVDEUVD-2026-26574 HIGH
Race Condition (CWE-362)
2026-05-01 Linux
7.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 03, 2026 - 07:29 vuln.today
CVSS changed
May 03, 2026 - 07:22 NVD
7.8 (HIGH)
Patch released
May 03, 2026 - 07:16 nvd
Patch available
Patch available
May 01, 2026 - 16:33 EUVD
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26574
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 14:14 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

iio: gyro: mpu3050: Move iio_device_register() to correct location

iio_device_register() should be at the end of the probe function to prevent race conditions.

Place iio_device_register() at the end of the probe function and place iio_device_unregister() accordingly.

AnalysisAI

Race condition in the Linux kernel MPU3050 gyroscope driver allows local attackers with low privileges to potentially achieve code execution, data corruption, or information disclosure. The vulnerability stems from premature registration of the IIO device before complete initialization in the probe function, creating a window where userspace can interact with incompletely configured hardware. While CVSS rates this 7.8 HIGH with local attack vector, EPSS score of 0.02% (7th percentile) indicates extremely low probability of active exploitation. Patches available across all maintained kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code.

Technical ContextAI

This vulnerability affects the Industrial I/O (IIO) subsystem in the Linux kernel, specifically the driver for the InvenSense MPU3050 three-axis gyroscope sensor (drivers/iio/gyro/mpu3050.c). The IIO framework provides a unified interface for industrial sensors in Linux. The flaw is a classic initialization race condition: the probe function called iio_device_register() too early, before completing all driver initialization tasks. This violated the kernel driver model best practice that device registration must be the final step in probe(). The gap between registration and full initialization creates a time-of-check-to-time-of-use (TOCTOU) race where userspace processes can access the device via /dev/iio:deviceX or sysfs before critical data structures, locks, or hardware state are fully configured. The vulnerability was introduced in commit 3904b28efb2c and exists in kernel versions from 4.10 onward. While no specific CWE is assigned, this falls under CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization).

RemediationAI

Primary fix: upgrade to patched kernel versions 5.10.253+ (if on 5.10 LTS), 5.15.203+ (if on 5.15 LTS), 6.1.168+ (if on 6.1 LTS), 6.6.134+, 6.12.81+, 6.18.22+, 6.19.12+, or 7.0+. Patches available from all major distributions and at https://git.kernel.org/stable/. For systems that cannot immediately patch: Workaround 1 - Blacklist the mpu3050 kernel module (add 'blacklist mpu3050' to /etc/modprobe.d/blacklist.conf and rebuild initramfs) if the gyroscope hardware is not operationally required; this completely removes the attack surface but disables gyroscope functionality. Workaround 2 - Restrict /dev/iio:device* access permissions to root only via udev rules, though this may break legitimate applications expecting unprivileged sensor access and does not fully close the race window. Workaround 3 - For containerized workloads, use device cgroup controls to prevent container access to IIO subsystem devices. Verify module is loaded with 'lsmod | grep mpu3050' and check for MPU3050 hardware presence via 'ls /sys/bus/iio/devices/' before applying mitigations.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31761 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy