CVE-2026-31550

Description

In the Linux kernel, the following vulnerability has been resolved: pmdomain: bcm: bcm2835-power: Increase ASB control timeout The bcm2835_asb_control() function uses a tight polling loop to wait for the ASB bridge to acknowledge a request. During intensive workloads, this handshake intermittently fails for V3D's master ASB on BCM2711, resulting in "Failed to disable ASB master for v3d" errors during runtime PM suspend. As a consequence, the failed power-off leaves V3D in a broken state, leading to bus faults or system hangs on later accesses. As the timeout is insufficient in some scenarios, increase the polling timeout from 1us to 5us, which is still negligible in the context of a power domain transition. Also, replace the open-coded ktime_get_ns()/ cpu_relax() polling loop with readl_poll_timeout_atomic().

CVSS v3.1 Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS — Exploit Prediction

0.0001

Probability of exploitation

0.02%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Affected Products

Vendor	Product	Versions
linux	linux_kernel	5.1.1 — 5.10.253
linux	linux_kernel	5.11 — 5.15.203
linux	linux_kernel	5.16 — 6.1.167
linux	linux_kernel	6.2 — 6.6.130
linux	linux_kernel	6.7 — 6.12.78
linux	linux_kernel	6.13 — 6.18.20
linux	linux_kernel	6.19 — 6.19.10
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All

References

Advisories & Patches

https://git.kernel.org/stable/c/0e84e74849d2d7e9b23a09c2d5e0d9357db1ca59 https://git.kernel.org/stable/c/18605b1b936b66b1f34dcf8e9ad4f1fbcf7a7c13 https://git.kernel.org/stable/c/572f17180f26619809b8e0593d926762aa8660ff https://git.kernel.org/stable/c/622ab02e955c35c125ff2b65d8327b2c52db8758 https://git.kernel.org/stable/c/9443202d91388026dbf7312972a74fbfd27ee82f https://git.kernel.org/stable/c/b826d2c0b0ecb844c84431ba6b502e744f5d919a https://git.kernel.org/stable/c/c5e734f6a0740dce92e7c919e632cb43fa5d4e53 https://git.kernel.org/stable/c/ea4fa54b83bb2e4a21e9026824bfe271b1a6ee1e

Frequently Asked Questions

What is CVE-2026-31550? +

In the Linux kernel, the following vulnerability has been resolved: pmdomain: bcm: bcm2835-power: Increase ASB control timeout The bcm2835_asb_control() function uses a tight polling loop to wait for the ASB bridge to acknowledge a request. During intensive workloads, this handshake intermittently fails for V3D's master ASB on BCM2711, resulting in "Failed to disable ASB master for v3d" errors during runtime PM suspend. As a consequence, the failed power-off leaves V3D in a broken state, leading to bus faults or system hangs on later accesses. As the timeout is insufficient in some scenarios, increase the polling timeout from 1us to 5us, which is still negligible in the context of a power domain transition. Also, replace the open-coded ktime_get_ns()/ cpu_relax() polling loop with readl_poll_timeout_atomic(). It has a CVSS v3.1 base score of 5.5 (MEDIUM).

How severe is CVE-2026-31550? +

CVE-2026-31550 has a CVSS v3.1 score of 5.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0001, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-31550? +

CVE-2026-31550 affects products from linux, specifically: linux_kernel. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-31550? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-9588 10.0

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. …

CVE-2025-57870 10.0

A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This …

CVE-2025-34028 10.0

The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when …

CVE-2024-25693 9.9

There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated …

CVE-2026-31657 9.8

In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace …

CVE-2026-31649 9.8

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbo_frm() …