CVE-2026-31687

MEDIUM
Published Apr 27, 2026 Modified May 6, 2026 CWE-667

Description

In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omap_mpuio_driver from omap_mpuio_init(), which is called from omap_gpio_probe(). However, it neither makes sense to register drivers from probe() callbacks of other drivers, nor does the driver core allow registering drivers with a device lock already being held. The latter was revealed by commit dc23806a7c47 ("driver core: enforce device_lock for driver_match_device()") leading to a potential deadlock condition described in [1]. Additionally, the omap_mpuio_driver is never unregistered from the driver core, even if the module is unloaded. Hence, register the omap_mpuio_driver from the module initcall and unregister it in module_exit().

CVSS v3.1 Score

5.5
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS — Exploit Prediction

0.0001
Probability of exploitation
0.02%
Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-667 CWE-667

Affected Products

Vendor Product
linux linux_kernel
linux linux_kernel
linux linux_kernel
linux linux_kernel
linux linux_kernel
linux linux_kernel
linux linux_kernel
linux linux_kernel
linux linux_kernel
linux linux_kernel
linux linux_kernel
linux linux_kernel
linux linux_kernel

References

Advisories & Patches

https://git.kernel.org/stable/c/03db4dc9ad6eb91e640b517e00373ce877682854 https://git.kernel.org/stable/c/1c04c3a4de8d4bcb9202f94c44f26c57c2572308 https://git.kernel.org/stable/c/2211d77892913804d16c28c7415b82804ab1e54c https://git.kernel.org/stable/c/32f08c3ddd6dda6cbb6c9d715de10f21dccde50f https://git.kernel.org/stable/c/53a76425e0764421ba93bb9045d2e454667d5687 https://git.kernel.org/stable/c/57bcd3feffa79544c73a1a1872472389a391cc79 https://git.kernel.org/stable/c/673dafb9a86349a12a93151fd467625614dc7e12 https://git.kernel.org/stable/c/730e5ebff40c852e3ea57b71bf02a4b89c69435f https://git.kernel.org/stable/c/86588916e1887a5edb8a9161cd7ae81e47a7ed25 https://git.kernel.org/stable/c/a29215961d833f4de33a09c3964d31ebc6083033 https://git.kernel.org/stable/c/a7fa9460b86f810913b6779461d0448e7c11214c

Frequently Asked Questions

What is CVE-2026-31687? +
In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omap_mpuio_driver from omap_mpuio_init(), which is called from omap_gpio_probe(). However, it neither makes sense to register drivers from probe() callbacks of other drivers, nor does the driver core allow registering drivers with a device lock already being held. The latter was revealed by commit dc23806a7c47 ("driver core: enforce device_lock for driver_match_device()") leading to a potential deadlock condition described in [1]. Additionally, the omap_mpuio_driver is never unregistered from the driver core, even if the module is unloaded. Hence, register the omap_mpuio_driver from the module initcall and unregister it in module_exit(). It has a CVSS v3.1 base score of 5.5 (MEDIUM).
How severe is CVE-2026-31687? +
CVE-2026-31687 has a CVSS v3.1 score of 5.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0001, placing it in the 0th percentile for exploitation probability.
What products are affected by CVE-2026-31687? +
CVE-2026-31687 affects products from linux, specifically: linux_kernel. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2026-31687? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-1221

A Zigbee Radio Co-Processor (RCP), which is using SiLabs EmberZNet Zigbee stack, was unable to send messages to the host …
CVE-2025-10151

Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.This issue affects smartLink HW-PN: …
CVE-2026-43215 8.8

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to …
CVE-2026-31629 8.8

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In nfc_llcp_recv_hdlc() …
CVE-2021-22530 8.2

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API …
CVE-2024-58087 8.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2026-31687 — free, no signup required.

Start Free Scan