Race Condition in Linux Kernel Due to Unprotected Regulator Operations
CVE-2026-31486

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31486?

A flaw in the Linux kernel affects regulator operations associated with PMBus registers, as the functions handling voltage settings lacked appropriate mutex protection. This mismanagement leads to race conditions when concurrent access occurs. The integration of mutex locking directly within these critical functions can result in deadlocks, especially since some callbacks may invoke these operations while already holding the mutex. To mitigate this risk, pmbus_regulator_notify() has been modified to operate through a worker function, processing notifications outside of strict mutex control, thereby utilizing atomic event storage for safer operation. The redesign guarantees that the worker function is initialized upon the regulator’s registration and properly managed during device removal.

Affected Version(s)

Linux ddbb4db4ced1ba784fcd3500179a7291b6c5d7b7 < 4e9d723d9f198b86f6882a84c501ba1f39e8d055

Linux ddbb4db4ced1ba784fcd3500179a7291b6c5d7b7 < 2c77ae315f3ce9d2c8e1609be74c9358c1fe4e07

Linux ddbb4db4ced1ba784fcd3500179a7291b6c5d7b7 < 754bd2b4a084b90b5e7b630e1f423061a9b9b761

References

https://git.kernel.org/stable/c/4e9d723d9f198b86f6882a84c...

https://git.kernel.org/stable/c/2c77ae315f3ce9d2c8e1609be...

https://git.kernel.org/stable/c/754bd2b4a084b90b5e7b630e1...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31486 Data

JSON