CVE-2026-31480 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix potential deadlock in cpu hotplug with osnoise

The following sequence may leads deadlock in cpu hotplug:

task1 task2 task3
----- ----- -----

mutex_lock(&interface_lock)

[CPU GOING OFFLINE]

cpus_write_lock();
osnoise_cpu_die();
kthread_stop(task3);
wait_for_completion();

osnoise_sleep();
mutex_lock(&interface_lock);

cpus_read_lock();

[DEAD LOCK]

Fix by swap the order of cpus_read_lock() and mutex_lock(&interface_lock).

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`bce29ac9ce0bb0b0b146b687ab978378c21e9078`	affected	< cf929c21eeed5bd39873fb14bfdfff963fa6f1da
`bce29ac9ce0bb0b0b146b687ab978378c21e9078`	affected	< 7aa095ce7d224308cb6979956f0de8607df93d4f
`bce29ac9ce0bb0b0b146b687ab978378c21e9078`	affected	< ef41a85a55022e27cdaebf22a6676910b66f65aa
`bce29ac9ce0bb0b0b146b687ab978378c21e9078`	affected	< 03474a01c199de17a8e2d39b51df6beb9c76e831
`bce29ac9ce0bb0b0b146b687ab978378c21e9078`	affected	< f278b8ebf7eba2a1699cfc7bf30dd3ef898d60d7
`bce29ac9ce0bb0b0b146b687ab978378c21e9078`	affected	< 7a41d4633cd2c15eb5ed31e8f3b16910e50a8c9f
`bce29ac9ce0bb0b0b146b687ab978378c21e9078`	affected	< 1f9885732248d22f788e4992c739a98c88ab8a55

Linux

affected

Version	Status	Constraints
`5.14`	affected	—
`0`	unaffected	< 5.14
`5.15.203`	unaffected	≤ 5.15.*
`6.1.168`	unaffected	≤ 6.1.*
`6.6.131`	unaffected	≤ 6.6.*
`6.12.80`	unaffected	≤ 6.12.*
`6.18.21`	unaffected	≤ 6.18.*
`6.19.11`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/03474a01c199de17a8e2d39b51df6beb9c76e831
https://git.kernel.org/stable/c/1f9885732248d22f788e4992c739a98c88ab8a55
https://git.kernel.org/stable/c/7a41d4633cd2c15eb5ed31e8f3b16910e50a8c9f
https://git.kernel.org/stable/c/7aa095ce7d224308cb6979956f0de8607df93d4f
https://git.kernel.org/stable/c/cf929c21eeed5bd39873fb14bfdfff963fa6f1da
https://git.kernel.org/stable/c/ef41a85a55022e27cdaebf22a6676910b66f65aa
https://git.kernel.org/stable/c/f278b8ebf7eba2a1699cfc7bf30dd3ef898d60d7
https://lore.kernel.org/linux-cve-announce/2026042258-CVE-2026-31480-c2bf@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31480
https://www.cve.org/CVERecord?id=CVE-2026-31480

History

Thu, 23 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-833
References		https://lore.kernel.org/linux-cve-announce/2026042258-CVE-2026-31480-c2bf@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31480 https://www.cve.org/CVERecord?id=CVE-2026-31480
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 22 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock in cpu hotplug with osnoise The following sequence may leads deadlock in cpu hotplug: task1 task2 task3 ----- ----- ----- mutex_lock(&interface_lock) [CPU GOING OFFLINE] cpus_write_lock(); osnoise_cpu_die(); kthread_stop(task3); wait_for_completion(); osnoise_sleep(); mutex_lock(&interface_lock); cpus_read_lock(); [DEAD LOCK] Fix by swap the order of cpus_read_lock() and mutex_lock(&interface_lock).
Title		tracing: Fix potential deadlock in cpu hotplug with osnoise
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/03474a01c199de17a8e2d39b51df6beb9c76e831 https://git.kernel.org/stable/c/1f9885732248d22f788e4992c739a98c88ab8a55 https://git.kernel.org/stable/c/7a41d4633cd2c15eb5ed31e8f3b16910e50a8c9f https://git.kernel.org/stable/c/7aa095ce7d224308cb6979956f0de8607df93d4f https://git.kernel.org/stable/c/cf929c21eeed5bd39873fb14bfdfff963fa6f1da https://git.kernel.org/stable/c/ef41a85a55022e27cdaebf22a6676910b66f65aa https://git.kernel.org/stable/c/f278b8ebf7eba2a1699cfc7bf30dd3ef898d60d7

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-22T13:54:07.566Z

Updated: 2026-04-22T13:54:07.566Z

Reserved: 2026-03-09T15:48:24.100Z

Link: CVE-2026-31480

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-22T14:16:45.170

Modified: 2026-04-23T16:17:41.280

Link: CVE-2026-31480

Redhat

Severity : Moderate

Publid Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31480 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-22T17:00:11Z

Weaknesses

CWE-833

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object