Circular Locking Dependency in Linux Kernel Affecting Input Devices
CVE-2026-31667

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31667?

A circular locking dependency has been identified in the Linux kernel's uinput subsystem that can occur when using force-feedback gamepads, particularly highlighted during gaming sessions such as ELDEN RING with certain controllers. Specifically, the issue arises from multiple paths for lock acquisition that lead to a deadlock scenario, inhibiting the game's responsiveness. The resolution involves introducing a state_lock spinlock to manage device state changes without introducing cyclical dependencies. This enhancement allows safe access to the udev state and ensures proper event queuing, significantly improving system stability and performance during input operations.

Affected Version(s)

Linux ff462551235d8d7d843a005950bc90924fcedede < 71a9729f412e2c692a35c542e14b706fb342927f

Linux ff462551235d8d7d843a005950bc90924fcedede < 271ee71a1917b89f6d73ec82dd091c33d92ee617

Linux ff462551235d8d7d843a005950bc90924fcedede < 974f7b138c3a96dd5cd53d1b33409cd7b2229dc6

References

https://git.kernel.org/stable/c/71a9729f412e2c692a35c542e...

https://git.kernel.org/stable/c/271ee71a1917b89f6d73ec82d...

https://git.kernel.org/stable/c/974f7b138c3a96dd5cd53d1b3...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31667 Data

JSON