CVE-2026-31761 - Vulnerability Details

- iio: gyro: mpu3050: Move iio_device_register() to correct location

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: gyro: mpu3050: Move iio_device_register() to correct location

iio_device_register() should be at the end of the probe function to
prevent race conditions.

Place iio_device_register() at the end of the probe function and place
iio_device_unregister() accordingly.

Published: 2026-05-01

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A race condition exists in the Linux kernel MPU3050 gyro driver where iio_device_register() is called before the probe function completes; this ordering flaw could allow a local attacker to trigger concurrent probe operations and possibly corrupt kernel memory. Based on the description, the timing violation could lead to kernel state manipulation, which may in turn provide an avenue for privilege escalation.

Affected Systems

Linux kernel builds that include the MPU3050 gyro driver without the recent patch are vulnerable. Since the CNA product list identifies only Linux kernels under the cpe:2.3:o:linux:linux_kernel:* class, the issue applies across all kernel releases containing the unpatched driver, regardless of version specifics.

Risk and Exploitability

The CVSS score is 7.8 and the EPSS score is less than 1%, indicating limited but non‑zero exploitation probability. The vulnerability is not present in the CISA KEV catalog. Based on the description, it is inferred that exploitation would require local access to trigger the probe routine, making the attack vector local. While no definitive exploitation has been reported, the presence of a race condition that could lead to privilege escalation renders the risk significant for affected systems.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 22487ef85f6dd9499ddf49b85a08afc50a3f1992
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< caec338f91469f0a70b68165185afa3abc994545
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 051ca43b0e0e4b66bfd349cd53ccf231ad1d69b7
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 2a4537653d200fda2a8516083459f8ff6194f8fc
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 92f18aa86302fe83e0726a1191015f427d4ff056
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< cc3de12a5612ee25df7fb549cb7b3e4cc8bfaf9c
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 59a317f8215674c8330817770497301bfb2c1b99
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 4c05799449108fb0e0a6bd30e65fffc71e60db4d

Linux

affected

Version	Status	Constraints
`4.10`	affected	—
`0`	unaffected	< 4.10
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.168`	unaffected	≤ 6.1.*
`6.6.134`	unaffected	≤ 6.6.*
`6.12.81`	unaffected	≤ 6.12.*
`6.18.22`	unaffected	≤ 6.18.*
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[3904b28efb2c780c23dcddfb87e07fe0230661e5,22487ef85f6dd9499ddf49b85a08afc50a3f1992)`	affected	code_commit	—
`[3904b28efb2c780c23dcddfb87e07fe0230661e5,caec338f91469f0a70b68165185afa3abc994545)`	affected	code_commit	—
`[3904b28efb2c780c23dcddfb87e07fe0230661e5,051ca43b0e0e4b66bfd349cd53ccf231ad1d69b7)`	affected	code_commit	—
`[3904b28efb2c780c23dcddfb87e07fe0230661e5,2a4537653d200fda2a8516083459f8ff6194f8fc)`	affected	code_commit	—
`[3904b28efb2c780c23dcddfb87e07fe0230661e5,92f18aa86302fe83e0726a1191015f427d4ff056)`	affected	code_commit	—
`[3904b28efb2c780c23dcddfb87e07fe0230661e5,cc3de12a5612ee25df7fb549cb7b3e4cc8bfaf9c)`	affected	code_commit	—
`[3904b28efb2c780c23dcddfb87e07fe0230661e5,59a317f8215674c8330817770497301bfb2c1b99)`	affected	code_commit	—
`[3904b28efb2c780c23dcddfb87e07fe0230661e5,4c05799449108fb0e0a6bd30e65fffc71e60db4d)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.10`	affected	generic	—
`[0,4.10)`	unaffected	generic	—
`[5.10.253,5.11.0)`	unaffected	semver	—
`[5.15.203,5.16.0)`	unaffected	semver	—
`[6.1.168,6.2.0)`	unaffected	semver	—
`[6.6.134,6.7.0)`	unaffected	semver	—
`[6.12.81,6.13.0)`	unaffected	semver	—
`[6.18.22,6.19.0)`	unaffected	semver	—
`[6.19.12,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that incorporates the race condition fix for the MPU3050 driver.
If upgrading is not possible, apply the upstream patch that moves iio_device_register() to the end of the probe function and adjusts iio_device_unregister() accordingly.
If neither patch nor upgrade is feasible, disable or blacklist the MPU3050 driver to eliminate the race condition window.

Generated by OpenCVE AI on May 8, 2026 at 20:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4561-1	linux-6.1 security update
Debian DLA	DLA-4606-1	linux security update
Debian DSA	DSA-6243-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/051ca43b0e0e4b66bfd349cd53ccf231ad1d69b7
https://git.kernel.org/stable/c/22487ef85f6dd9499ddf49b85a08afc50a3f1992
https://git.kernel.org/stable/c/2a4537653d200fda2a8516083459f8ff6194f8fc
https://git.kernel.org/stable/c/4c05799449108fb0e0a6bd30e65fffc71e60db4d
https://git.kernel.org/stable/c/59a317f8215674c8330817770497301bfb2c1b99
https://git.kernel.org/stable/c/92f18aa86302fe83e0726a1191015f427d4ff056
https://git.kernel.org/stable/c/caec338f91469f0a70b68165185afa3abc994545
https://git.kernel.org/stable/c/cc3de12a5612ee25df7fb549cb7b3e4cc8bfaf9c
https://lore.kernel.org/linux-cve-announce/2026050145-CVE-2026-31761-6af9@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31761
https://www.cve.org/CVERecord?id=CVE-2026-31761

History

Fri, 08 May 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::

Sun, 03 May 2026 06:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Sat, 02 May 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-410

Sat, 02 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-367
References		https://lore.kernel.org/linux-cve-announce/2026050145-CVE-2026-31761-6af9@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31761 https://www.cve.org/CVERecord?id=CVE-2026-31761

Fri, 01 May 2026 23:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-410

Fri, 01 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Move iio_device_register() to correct location iio_device_register() should be at the end of the probe function to prevent race conditions. Place iio_device_register() at the end of the probe function and place iio_device_unregister() accordingly.
Title		iio: gyro: mpu3050: Move iio_device_register() to correct location
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/051ca43b0e0e4b66bfd349cd53ccf231ad1d69b7 https://git.kernel.org/stable/c/22487ef85f6dd9499ddf49b85a08afc50a3f1992 https://git.kernel.org/stable/c/2a4537653d200fda2a8516083459f8ff6194f8fc https://git.kernel.org/stable/c/4c05799449108fb0e0a6bd30e65fffc71e60db4d https://git.kernel.org/stable/c/59a317f8215674c8330817770497301bfb2c1b99 https://git.kernel.org/stable/c/92f18aa86302fe83e0726a1191015f427d4ff056 https://git.kernel.org/stable/c/caec338f91469f0a70b68165185afa3abc994545 https://git.kernel.org/stable/c/cc3de12a5612ee25df7fb549cb7b3e4cc8bfaf9c

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-01T14:14:53.223Z

Updated: 2026-05-11T22:15:18.264Z

Reserved: 2026-03-09T15:48:24.139Z

Link: CVE-2026-31761

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-01T15:16:39.153

Modified: 2026-05-08T18:11:08.930

Link: CVE-2026-31761

Redhat

Severity :

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31761 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T20:30:16Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object