CVE-2026-31655 - Vulnerability Details

- pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled

Description

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled

Keep the NOC_HDCP clock always enabled to fix the potential hang
caused by the NoC ADB400 port power down handshake.

Published: 2026-04-24

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from an incorrect handling of the NOC_HDCP clock during a NoC ADB400 port power‑down handshake, a weakness classified as CWE‑413: Incorrect Interface Usage. The driver may disable the clock, causing the handshake to stall and potentially leading to a kernel hang. A patch that forces the clock to remain enabled fixes the problem and prevents the denial of service.

Affected Systems

The vulnerability is present by default in Linux kernel 6.1 and all 7.0 release‑candidate builds (rc1 through rc7). It affects systems that load the imx8mp‑blk‑ctrl driver before the patch that keeps the NOC_HDCP clock enabled.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1% shows a very low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker able to trigger the NoC ADB400 power‑down sequence, which is unlikely without privileged or kernel access or a component failure. Overall, the risk is low to moderate, but the potential impact on availability warrants timely remediation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`77b0ddb42add47748c661f714e6f4b116a6e8759`	affected	< 80fd0de89805a3f92dc320f5ab5a18007c260374
`77b0ddb42add47748c661f714e6f4b116a6e8759`	affected	< 3086374e8bc7fd65f2cc62ef52351c6d662f1543
`77b0ddb42add47748c661f714e6f4b116a6e8759`	affected	< e44919669f07b8f113ad49a248b44ca4f119bc94
`77b0ddb42add47748c661f714e6f4b116a6e8759`	affected	< d1ef779d02b5df4e8bff4083b20bfea587b43c4b
`77b0ddb42add47748c661f714e6f4b116a6e8759`	affected	< e91d5f94acf68618ea3ad9c92ac28614e791ae7d

Linux

affected

Version	Status	Constraints
`6.1`	affected	—
`0`	unaffected	< 6.1
`6.6.135`	unaffected	≤ 6.6.*
`6.12.82`	unaffected	≤ 6.12.*
`6.18.23`	unaffected	≤ 6.18.*
`6.19.13`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[77b0ddb42add47748c661f714e6f4b116a6e8759,80fd0de89805a3f92dc320f5ab5a18007c260374)`	affected	code_commit	—
`[77b0ddb42add47748c661f714e6f4b116a6e8759,3086374e8bc7fd65f2cc62ef52351c6d662f1543)`	affected	code_commit	—
`[77b0ddb42add47748c661f714e6f4b116a6e8759,e44919669f07b8f113ad49a248b44ca4f119bc94)`	affected	code_commit	—
`[77b0ddb42add47748c661f714e6f4b116a6e8759,d1ef779d02b5df4e8bff4083b20bfea587b43c4b)`	affected	code_commit	—
`[77b0ddb42add47748c661f714e6f4b116a6e8759,e91d5f94acf68618ea3ad9c92ac28614e791ae7d)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.1`	affected	semver	—
`[0,6.1)`	unaffected	generic	—
`[6.6.135,7.0.0)`	unaffected	semver	—
`[6.12.82,6.13.0)`	unaffected	semver	—
`[6.18.23,6.19.0)`	unaffected	semver	—
`[6.19.13,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a release that includes the fix for the NOC_HDCP clock retention, such as the latest 6.1.x or a 7.0 release candidate with the relevant commit.
Until the kernel is updated, avoid performing NoC ADB400 port power‑down sequences during critical operations, or disable related power state changes to prevent the handshake from stalling.
Monitor system logs for signs of NoC ADB400 port power‑down stalls and be prepared to reboot or recover if a kernel hang occurs.

Generated by OpenCVE AI on April 28, 2026 at 23:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6238-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3086374e8bc7fd65f2cc62ef52351c6d662f1543
https://git.kernel.org/stable/c/80fd0de89805a3f92dc320f5ab5a18007c260374
https://git.kernel.org/stable/c/d1ef779d02b5df4e8bff4083b20bfea587b43c4b
https://git.kernel.org/stable/c/e44919669f07b8f113ad49a248b44ca4f119bc94
https://git.kernel.org/stable/c/e91d5f94acf68618ea3ad9c92ac28614e791ae7d
https://lore.kernel.org/linux-cve-announce/2026042401-CVE-2026-31655-17ab@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31655
https://www.cve.org/CVERecord?id=CVE-2026-31655

History

Mon, 27 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:6.1:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

Sat, 25 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-413
References		https://lore.kernel.org/linux-cve-announce/2026042401-CVE-2026-31655-17ab@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31655 https://www.cve.org/CVERecord?id=CVE-2026-31655
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Fri, 24 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled Keep the NOC_HDCP clock always enabled to fix the potential hang caused by the NoC ADB400 port power down handshake.
Title		pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3086374e8bc7fd65f2cc62ef52351c6d662f1543 https://git.kernel.org/stable/c/80fd0de89805a3f92dc320f5ab5a18007c260374 https://git.kernel.org/stable/c/d1ef779d02b5df4e8bff4083b20bfea587b43c4b https://git.kernel.org/stable/c/e44919669f07b8f113ad49a248b44ca4f119bc94 https://git.kernel.org/stable/c/e91d5f94acf68618ea3ad9c92ac28614e791ae7d

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-24T14:45:07.085Z

Updated: 2026-05-11T22:13:00.925Z

Reserved: 2026-03-09T15:48:24.129Z

Link: CVE-2026-31655

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-24T15:16:44.993

Modified: 2026-04-27T20:16:32.123

Link: CVE-2026-31655

Redhat

Severity : Low

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31655 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T23:45:16Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object