Description
In the Linux kernel, the following vulnerability has been resolved:

iio: gyro: mpu3050-core: fix pm_runtime error handling

The return value of pm_runtime_get_sync() is not checked, allowing
the driver to access hardware that may fail to resume. The device
usage count is also unconditionally incremented. Use
pm_runtime_resume_and_get() which propagates errors and avoids
incrementing the usage count on failure.

In preenable, add pm_runtime_put_autosuspend() on set_8khz_samplerate()
failure since postdisable does not run when preenable fails.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The mpu3050-core driver in the Linux kernel incorrectly handles the return value of pm_runtime_get_sync(), which means the driver can access hardware that has not successfully resumed and will unconditionally increase its usage count even on failure. This flaw can lead to unreliable device operation, incorrect power state handling, and potential resource leakage, manifesting as degraded device performance or system crashes when the driver interacts with the MPU3050 sensor.

Affected Systems

Linux kernel releases that include the mpu3050-core driver prior to the implementation of the fix. The specific kernel versions are not enumerated in the advisory, but any build containing the unpatched gyro driver is affected.

Risk and Exploitability

The CVSS score is not provided, and the EPSS score is unavailable. The vulnerability does not appear to be remotely exploitable; it requires local interaction with the MPU3050 device and the Linux kernel driver. Because the error conditions lead to device misbehavior rather than arbitrary code execution, the likelihood of exploitation is low to moderate, though repeated failures could degrade system stability. The advisory does not list the issue in CISA's KEV catalog.

Generated by OpenCVE AI on May 8, 2026 at 17:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel release that includes the mpu3050-core driver patch
  • Rebuild the kernel or the MPU3050 driver from source that incorporates the updated pm_runtime_resume_and_get() handling
  • Reboot the system after patching to ensure the updated driver is loaded and runtime power‑management state is reset

Generated by OpenCVE AI on May 8, 2026 at 17:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-682

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pm_runtime error handling The return value of pm_runtime_get_sync() is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally incremented. Use pm_runtime_resume_and_get() which propagates errors and avoids incrementing the usage count on failure. In preenable, add pm_runtime_put_autosuspend() on set_8khz_samplerate() failure since postdisable does not run when preenable fails.
Title iio: gyro: mpu3050-core: fix pm_runtime error handling
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:21:13.050Z

Reserved: 2026-05-01T14:12:56.005Z

Link: CVE-2026-43357

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T15:16:46.477

Modified: 2026-05-08T15:16:46.477

Link: CVE-2026-43357

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T17:30:13Z

Weaknesses