In the Linux kernel, the following vulnerability has been resolved:

gpio: omap: do not register driver in probe()

Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the
omap_mpuio_driver from omap_mpuio_init(), which is called from
omap_gpio_probe().

However, it neither makes sense to register drivers from probe()
callbacks of other drivers, nor does the driver core allow registering
drivers with a device lock already being held.

The latter was revealed by commit dc23806a7c47 ("driver core: enforce
device_lock for driver_match_device()") leading to a potential deadlock
condition described in [1].

Additionally, the omap_mpuio_driver is never unregistered from the
driver core, even if the module is unloaded.

Hence, register the omap_mpuio_driver from the module initcall and
unregister it in module_exit().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
11a78b7944963a8b052be46108d07a3ced9e2762 affected < 57bcd3feffa79544c73a1a1872472389a391cc79
11a78b7944963a8b052be46108d07a3ced9e2762 affected < 86588916e1887a5edb8a9161cd7ae81e47a7ed25
11a78b7944963a8b052be46108d07a3ced9e2762 affected < a29215961d833f4de33a09c3964d31ebc6083033
11a78b7944963a8b052be46108d07a3ced9e2762 affected < 1c04c3a4de8d4bcb9202f94c44f26c57c2572308
adc1796eced46b48e23ec200a219d635f33a38ee affected < 673dafb9a86349a12a93151fd467625614dc7e12
11a78b7944963a8b052be46108d07a3ced9e2762 affected < 2211d77892913804d16c28c7415b82804ab1e54c
cd0e0a76e40c2e77bcfc88291d00dca22b00158e affected < a7fa9460b86f810913b6779461d0448e7c11214c
11a78b7944963a8b052be46108d07a3ced9e2762 affected < 32f08c3ddd6dda6cbb6c9d715de10f21dccde50f
8d76b2488eb3cc0717ab81b60622cff4a5f90f79 affected < 53a76425e0764421ba93bb9045d2e454667d5687
11a78b7944963a8b052be46108d07a3ced9e2762 affected < 730e5ebff40c852e3ea57b71bf02a4b89c69435f
bc82e5f4d7dc8237ae8cabc73aa46fc93c85d98c affected < 03db4dc9ad6eb91e640b517e00373ce877682854
Linux Linux affected
Version Status Constraints
2.6.22 affected
0 unaffected < 2.6.22
5.10.251 unaffected ≤ 5.10.*
5.15.201 unaffected ≤ 5.15.*
6.1.164 unaffected ≤ 6.1.*
6.6.125 unaffected ≤ 6.6.*
6.6.126 unaffected ≤ 6.6.*
6.12.72 unaffected ≤ 6.12.*
6.12.73 unaffected ≤ 6.12.*
6.18.11 unaffected ≤ 6.18.*
6.18.12 unaffected ≤ 6.18.*
6.19.2 unaffected ≤ 6.19.*
6.19 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/03db4dc9ad6eb91e640b517e00373ce877682854 cve-icon cve-icon
https://git.kernel.org/stable/c/1c04c3a4de8d4bcb9202f94c44f26c57c2572308 cve-icon cve-icon
https://git.kernel.org/stable/c/2211d77892913804d16c28c7415b82804ab1e54c cve-icon cve-icon
https://git.kernel.org/stable/c/32f08c3ddd6dda6cbb6c9d715de10f21dccde50f cve-icon cve-icon
https://git.kernel.org/stable/c/53a76425e0764421ba93bb9045d2e454667d5687 cve-icon cve-icon
https://git.kernel.org/stable/c/57bcd3feffa79544c73a1a1872472389a391cc79 cve-icon cve-icon
https://git.kernel.org/stable/c/673dafb9a86349a12a93151fd467625614dc7e12 cve-icon cve-icon
https://git.kernel.org/stable/c/730e5ebff40c852e3ea57b71bf02a4b89c69435f cve-icon cve-icon
https://git.kernel.org/stable/c/86588916e1887a5edb8a9161cd7ae81e47a7ed25 cve-icon cve-icon
https://git.kernel.org/stable/c/a29215961d833f4de33a09c3964d31ebc6083033 cve-icon cve-icon
https://git.kernel.org/stable/c/a7fa9460b86f810913b6779461d0448e7c11214c cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026042706-CVE-2026-31687-ce28@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-31687 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-31687 cve-icon
History

Tue, 28 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-833
References

Mon, 27 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omap_mpuio_driver from omap_mpuio_init(), which is called from omap_gpio_probe(). However, it neither makes sense to register drivers from probe() callbacks of other drivers, nor does the driver core allow registering drivers with a device lock already being held. The latter was revealed by commit dc23806a7c47 ("driver core: enforce device_lock for driver_match_device()") leading to a potential deadlock condition described in [1]. Additionally, the omap_mpuio_driver is never unregistered from the driver core, even if the module is unloaded. Hence, register the omap_mpuio_driver from the module initcall and unregister it in module_exit().
Title gpio: omap: do not register driver in probe()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-27T17:32:37.227Z

Reserved: 2026-03-09T15:48:24.131Z

Link: CVE-2026-31687

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-27T18:16:54.143

Modified: 2026-04-27T18:32:22.917

Link: CVE-2026-31687

cve-icon Redhat

Severity :

Publid Date: 2026-04-27T00:00:00Z

Links: CVE-2026-31687 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T02:30:18Z

Weaknesses