CVE-2026-31486

hwmon: (pmbus/core) Protect regulator operations with mutex

Severity Score

7.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regulator operations with mutex The regulator operations pmbus_regulator_get_voltage(),
pmbus_regulator_set_voltage(), and pmbus_regulator_list_voltage()
access PMBus registers and shared data but were not protected by
the update_lock mutex. This could lead to race conditions. However, adding mutex protection directly to these functions causes
a deadlock because pmbus_regulator_notify() (which calls
regulator_notifier_call_chain()) is often called with the mutex
already held (e.g., from pmbus_fault_handler()). If a regulator
callback then calls one of the now-protected voltage functions,
it will attempt to acquire the same mutex. Rework pmbus_regulator_notify() to utilize a worker function to
send notifications outside of the mutex protection. Events are
stored as atomics in a per-page bitmask and processed by the worker. Initialize the worker and its associated data during regulator
registration, and ensure it is cancelled on device removal using
devm_add_action_or_reset(). While at it, remove the unnecessary include of linux/of.h.

*Credits: N/A

CVSS Scores

kernel.orgv3.1 7.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-03-09 CVE Reserved
2026-04-22 CVE Published
2026-04-28 CVE Updated
2026-04-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-667: Improper Locking

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/ddbb4db4ced1ba784fcd3500179a7291b6c5d7b7	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4e9d723d9f198b86f6882a84c501ba1f39e8d055	2026-04-02
https://git.kernel.org/stable/c/2c77ae315f3ce9d2c8e1609be74c9358c1fe4e07	2026-04-02
https://git.kernel.org/stable/c/754bd2b4a084b90b5e7b630e1f423061a9b9b761	2026-03-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 6.18.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 6.18.21"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 6.19.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 6.19.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 7.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 7.0"		en		Affected