CVE-2026-31687

MEDIUM

gpio: omap: do not register driver in probe()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omap_mpuio_driver from omap_mpuio_init(), which is called from omap_gpio_probe(). However, it neither makes sense to register drivers from probe() callbacks of other drivers, nor does the driver core allow registering drivers with a device lock already being held. The latter was revealed by commit dc23806a7c47 ("driver core: enforce device_lock for driver_match_device()") leading to a potential deadlock condition described in [1]. Additionally, the omap_mpuio_driver is never unregistered from the driver core, even if the module is unloaded. Hence, register the omap_mpuio_driver from the module initcall and unregister it in module_exit().

References (11)

Core 11
Core References

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 1.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-667
Status published
Products (30)
Linux/Linux < 2.6.22
Linux/Linux 11a78b7944963a8b052be46108d07a3ced9e2762 - 1c04c3a4de8d4bcb9202f94c44f26c57c2572308
Linux/Linux 11a78b7944963a8b052be46108d07a3ced9e2762 - 2211d77892913804d16c28c7415b82804ab1e54c
Linux/Linux 11a78b7944963a8b052be46108d07a3ced9e2762 - 32f08c3ddd6dda6cbb6c9d715de10f21dccde50f
Linux/Linux 11a78b7944963a8b052be46108d07a3ced9e2762 - 57bcd3feffa79544c73a1a1872472389a391cc79
Linux/Linux 11a78b7944963a8b052be46108d07a3ced9e2762 - 730e5ebff40c852e3ea57b71bf02a4b89c69435f
Linux/Linux 11a78b7944963a8b052be46108d07a3ced9e2762 - 86588916e1887a5edb8a9161cd7ae81e47a7ed25
Linux/Linux 11a78b7944963a8b052be46108d07a3ced9e2762 - a29215961d833f4de33a09c3964d31ebc6083033
Linux/Linux 2.6.22
Linux/Linux 5.10.251 - 5.10.*
... and 20 more
Published Apr 27, 2026
Tracked Since Apr 27, 2026