CVE-2026-31740

Source
https://cve.org/CVERecord?id=CVE-2026-31740
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31740.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31740
Downstream
Published
2026-05-01T14:14:36.183Z
Modified
2026-07-08T08:06:22.514314800Z
Summary
counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member
Details

In the Linux kernel, the following vulnerability has been resolved:

counter: rz-mtu3-cnt: do not use struct rzmtu3channel's dev member

The counter driver can use HW channels 1 and 2, while the PWM driver can use HW channels 0, 1, 2, 3, 4, 6, 7.

The dev member is assigned both by the counter driver and the PWM driver for channels 1 and 2, to their own struct device instance, overwriting the previous value.

The sub-drivers race to assign their own struct device pointer to the same struct rzmtu3channel's dev member.

The dev member of struct rzmtu3channel is used by the counter sub-driver for runtime PM.

Depending on the probe order of the counter and PWM sub-drivers, the dev member may point to the wrong struct device instance, causing the counter sub-driver to do runtime PM actions on the wrong device.

To fix this, use the parent pointer of the counter, which is assigned during probe to the correct struct device, not the struct device pointer inside the shared struct rzmtu3channel.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31740.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0be8907359df4c62319f5cb2c6981ff0d9ebf35a
Fixed
28a371be901ef44ee03726c2575d7d6795521fe0
Fixed
633dfbf0eb2766c597c1a59dd83035c82e14791d
Fixed
6562290225c197e2e193a53de2a517815288dcd1
Fixed
63be324c795262f0e316c6fe9b329d83afa1ec93
Fixed
2932095c114b98cbb40ccf34fc00d613cb17cead

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31740.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.134
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.81
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.22
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.12

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31740.json"