Description
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (pmbus/core) Protect regulator operations with mutex

The regulator operations pmbus_regulator_get_voltage(),
pmbus_regulator_set_voltage(), and pmbus_regulator_list_voltage()
access PMBus registers and shared data but were not protected by
the update_lock mutex. This could lead to race conditions.

However, adding mutex protection directly to these functions causes
a deadlock because pmbus_regulator_notify() (which calls
regulator_notifier_call_chain()) is often called with the mutex
already held (e.g., from pmbus_fault_handler()). If a regulator
callback then calls one of the now-protected voltage functions,
it will attempt to acquire the same mutex.

Rework pmbus_regulator_notify() to utilize a worker function to
send notifications outside of the mutex protection. Events are
stored as atomics in a per-page bitmask and processed by the worker.

Initialize the worker and its associated data during regulator
registration, and ensure it is cancelled on device removal using
devm_add_action_or_reset().

While at it, remove the unnecessary include of linux/of.h.
Published: 2026-04-22
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Race conditions in Linux kernel PMBus regulator operations
Action: Assess Impact
AI Analysis

Impact

In the Linux kernel, regulator operations such as get, set, and list voltage for PMBus devices accessed shared registers and data without proper mutex protection, leading to race conditions. The patch adds a mutex lock but must avoid a deadlock caused by nested calls in the notifier chain. The vulnerability can result in inconsistent regulator state, potential hardware malfunction, and a possible denial‑of‑service scenario for devices relying on accurate voltage control.
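The deadlock and the worker-based rework from the description, modelled in user-space C as an added example; this is not the kernel patch or code from the project. The toy lock (which returns -EDEADLK where a real mutex would hang), the event bits, the counters and every function name here are constructed for illustration.

```c
#include <errno.h>
#include <stdatomic.h>
#define NPAGES 2
enum { EV_UNDER_VOLTAGE = 1, EV_OVER_CURRENT = 2 }; /* constructed event bits */

struct dev {
    int locked;                  /* toy stand-in for the update_lock mutex */
    int vout_mv[NPAGES];         /* shared data the lock guards */
    atomic_uint pending[NPAGES]; /* per-page bitmask of undelivered events */
    int delivered, deadlocks;    /* outcome counters for the demo */
};
/* Non-recursive lock: a relock returns -EDEADLK where a kernel mutex would hang. */
static int lock(struct dev *d) { if (d->locked) return -EDEADLK; d->locked = 1; return 0; }
static void unlock(struct dev *d) { d->locked = 0; }

/* Models a voltage operation once it takes the lock itself. */
static int get_voltage(struct dev *d, int page, int *mv) {
    if (lock(d)) return -EDEADLK;
    *mv = d->vout_mv[page];
    unlock(d);
    return 0;
}
/* Models a consumer's notifier callback that reads the voltage back. */
static void consumer_cb(struct dev *d, int page) {
    int mv;
    if (get_voltage(d, page, &mv)) d->deadlocks++; else d->delivered++;
}
/* Old shape: the fault path calls the notifier chain with the lock held. */
static void notify_under_lock(struct dev *d, int page) {
    lock(d); consumer_cb(d, page); unlock(d);
}
/* Reworked shape: the fault path only records the event bit. */
static void record_event(struct dev *d, int page, unsigned ev) {
    lock(d); atomic_fetch_or(&d->pending[page], ev); unlock(d);
}
/* Worker: drain each page's mask atomically, then call out with no lock held. */
static void notify_worker(struct dev *d) {
    for (int page = 0; page < NPAGES; page++)
        if (atomic_exchange(&d->pending[page], 0)) consumer_cb(d, page);
}

int main(void) {
    struct dev d = { .vout_mv = { 1200, 3300 } };
    notify_under_lock(&d, 0);              /* callback relocks: counted as deadlock */
    record_event(&d, 1, EV_UNDER_VOLTAGE); /* two events coalesce in one mask */
    record_event(&d, 1, EV_OVER_CURRENT);
    notify_worker(&d);                     /* callback runs unlocked and succeeds */
    return (d.deadlocks == 1 && d.delivered == 1) ? 0 : 1;
}
```

Events recorded for the same page before the worker runs are merged into one callback, which is the trade-off of a bitmask over a queue.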

Affected Systems

All Linux kernel variants that implement the PMBus regulator drivers before the patch are affected, on any system whose PMBus power management hardware is accessed by the kernel. The exact kernel versions are not listed, but the vulnerability applies to any kernel containing the pre‑patch code.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating a lower profile of exploitation. The CVSS score is not published, but the lack of remote exploitation paths and requirement for kernel context suggest a moderate threat level. The likely attack vector would involve locally privileged code able to trigger concurrent regulator access, such as a malicious kernel module or a vulnerable user‑space interface that drives regulator functions. No known exploit has been reported.

Generated by OpenCVE AI on April 22, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch series referenced in the provided Git commit URLs, which protects regulator operations with a mutex and reworks notification to use a worker, thereby preventing race conditions and deadlocks.
  • Reboot the system after applying the patch to load the updated kernel and clear any stale regulator state.
  • If updating the kernel immediately is not possible, restrict access to PMBus regulator interfaces or disable the PMBus regulator driver to prevent concurrent operations until a patch is available.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-820
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 22 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description (identical to the Description at the top of this page)
Title hwmon: (pmbus/core) Protect regulator operations with mutex
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-22T13:54:11.594Z

Reserved: 2026-03-09T15:48:24.101Z

Link: CVE-2026-31486

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-22T14:16:46.160

Modified: 2026-04-23T16:17:41.280

Link: CVE-2026-31486

Redhat

Severity: Low

Public Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31486 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-22T19:00:08Z

Weaknesses