Description
In the Linux kernel, the following vulnerability has been resolved:

pmdomain: bcm: bcm2835-power: Increase ASB control timeout

The bcm2835_asb_control() function uses a tight polling loop to wait
for the ASB bridge to acknowledge a request. During intensive workloads,
this handshake intermittently fails for V3D's master ASB on BCM2711,
resulting in "Failed to disable ASB master for v3d" errors during
runtime PM suspend. As a consequence, the failed power-off leaves V3D in
a broken state, leading to bus faults or system hangs on later accesses.

As the timeout is insufficient in some scenarios, increase the polling
timeout from 1us to 5us, which is still negligible in the context of a
power domain transition. Also, replace the open-coded ktime_get_ns()/
cpu_relax() polling loop with readl_poll_timeout_atomic().
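
The timeout behaviour described above, as an added user-space model (not the driver's code and not part of the original advisory). The simulated clock, the ack bit, the per-read cost and the ack latencies are constructed; only the 1us and 5us timeouts come from the description.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define SIM_ACK_BIT      0x2u  /* hypothetical "request acknowledged" bit */
#define SIM_READ_COST_NS 100u  /* constructed cost of one register read */

struct sim_bridge {
    uint64_t now_ns;    /* simulated clock, advanced only by reads */
    uint64_t ack_at_ns; /* time at which the bridge raises the ack bit */
};

static uint32_t sim_readl(struct sim_bridge *b)
{
    b->now_ns += SIM_READ_COST_NS;
    return b->now_ns >= b->ack_at_ns ? SIM_ACK_BIT : 0;
}

/* Bounded poll in the shape of the kernel's read_poll_timeout_atomic():
 * test the condition first, re-read once after the deadline passes, and
 * decide the result from the register value, never from the clock alone. */
static int sim_poll_ack(struct sim_bridge *b, uint64_t timeout_ns)
{
    uint64_t deadline = b->now_ns + timeout_ns;
    uint32_t val;

    for (;;) {
        val = sim_readl(b);
        if (val & SIM_ACK_BIT)
            break;
        if (b->now_ns > deadline) {
            val = sim_readl(b); /* final read: catch an ack that just landed */
            break;
        }
    }
    return (val & SIM_ACK_BIT) ? 0 : -ETIMEDOUT;
}

/* One simulated "disable master" handshake; 0 on ack, -ETIMEDOUT otherwise. */
static int sim_disable_master(uint64_t ack_latency_ns, uint64_t timeout_ns)
{
    struct sim_bridge b = { .now_ns = 0, .ack_at_ns = ack_latency_ns };
    return sim_poll_ack(&b, timeout_ns);
}

int main(void)
{
    printf("3us ack, 1us timeout: %d\n", sim_disable_master(3000, 1000));
    printf("3us ack, 5us timeout: %d\n", sim_disable_master(3000, 5000));
    return 0;
}
```

A handshake that still fails with the longer timeout returns -ETIMEDOUT, and the caller has to treat the domain as not powered off rather than continue.
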
Published: 2026-04-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via bus faults or system hangs
Action: Apply Patch
AI Analysis

Impact

The BCM2835 power domain driver on Broadcom BCM2711 contains a tight polling loop that waits for the ASB bridge to acknowledge control requests. During periods of intensive workload, this handshake can fail, causing the kernel to report "Failed to disable ASB master for v3d" during runtime power‑management suspend. When these handshakes fail, the V3D device is left in a broken state, leading to bus faults or complete system hangs on subsequent accesses. As the issue originates in kernel code and manifests as a loss of device functionality, the primary impact is a denial of service on the affected system, reducing overall stability and availability. The requirement for local or privileged kernel access and the attack vector are inferred from the description.

Affected Systems

All Linux kernel releases that support the BCM2835 power domain, including kernel 5.1 and every 7.0 release candidate through 7.0 rc7, are potentially affected. The flaw exists in the BCM2835 module that interfaces with the V3D master ASB on BCM2711 devices, i.e. Raspberry Pi and similar Broadcom SoC boards.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity vulnerability. The EPSS score is below 1%, suggesting a low likelihood of widespread exploitation. The issue is not indexed in the CISA KEV catalog, further indicating limited known exploitation activity. The vulnerability requires local or privileged kernel access to trigger, typically by initiating a power‑management suspend while the system is under heavy load. Because it is a kernel bug that causes a hardware resource to remain in a failed state, exploitation does not yield arbitrary code execution but results in services hanging or the system becoming unstable. Therefore, confidentiality side effects are negligible, but integrity and availability are impacted when the fault is triggered. The attack vector is likely local with privileged kernel access, inferred from the need to trigger a power‑management suspend.

Generated by OpenCVE AI on April 28, 2026 at 14:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the running kernel to a version that includes the patch which increases the ASB control timeout and replaces the polling loop with readl_poll_timeout_atomic().
  • After upgrading, reboot the system to load the updated driver and confirm that V3D can suspend and resume without generating “Failed to disable ASB master for v3d” errors.
  • Test runtime power‑management on the device by performing a suspend/resume cycle under load to ensure the error no longer occurs. If an upgrade is not immediately viable, temporarily disable runtime PM for the V3D device to avoid the fault.

Advisories
Source       ID           Title
Debian DLA   DLA-4561-1   linux-6.1 security update
Debian DLA   DLA-4606-1   linux security update
Debian DSA   DSA-6238-1   linux security update
Debian DSA   DSA-6243-1   linux security update

History

Mon, 27 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:5.1:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Sat, 25 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-821
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Title pmdomain: bcm: bcm2835-power: Increase ASB control timeout
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:10:56.707Z

Reserved: 2026-03-09T15:48:24.115Z

Link: CVE-2026-31550

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-24T15:16:29.207

Modified: 2026-04-27T20:15:37.860

Link: CVE-2026-31550

Redhat

Severity: Low

Public Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31550 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T14:30:33Z

Weaknesses