CVE-2026-31687

MEDIUM

gpio: omap: do not register driver in probe()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omap_mpuio_driver from omap_mpuio_init(), which is called from omap_gpio_probe(). However, it neither makes sense to register drivers from probe() callbacks of other drivers, nor does the driver core allow registering drivers with a device lock already being held. The latter was revealed by commit dc23806a7c47 ("driver core: enforce device_lock for driver_match_device()") leading to a potential deadlock condition described in [1]. Additionally, the omap_mpuio_driver is never unregistered from the driver core, even if the module is unloaded. Hence, register the omap_mpuio_driver from the module initcall and unregister it in module_exit().

Scores

CVSS v3 5.5
EPSS 0.0010
EPSS Percentile 0.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-667
Status published
Products (37)
linux/Kernel 2.6.22 - 5.10.251linux
linux/Kernel 5.11.0 - 5.15.201linux
linux/Kernel 5.16.0 - 6.1.164linux
linux/Kernel 6.13.0 - 6.18.11linux
linux/Kernel 6.19.0 - 6.19.2linux
linux/Kernel 6.2.0 - 6.6.125linux
linux/Kernel 6.7.0 - 6.12.72linux
Linux/Linux < 2.6.22
Linux/Linux 11a78b7944963a8b052be46108d07a3ced9e2762 - 1c04c3a4de8d4bcb9202f94c44f26c57c2572308
Linux/Linux 11a78b7944963a8b052be46108d07a3ced9e2762 - 2211d77892913804d16c28c7415b82804ab1e54c
... and 27 more
Published Apr 27, 2026
Tracked Since Apr 27, 2026