CVE-2026-31545
Description
In the Linux kernel, the following vulnerability has been resolved:
NFC: nxp-nci: allow GPIOs to sleep
Allow the firmware and enable GPIOs to sleep.
This fixes a `WARN_ON' and allows the driver to operate GPIOs which are connected to I2C GPIO expanders.
-- >8 -- kernel: WARNING: CPU: 3 PID: 2636 at drivers/gpio/gpiolib.c:3880 gpiod_set_value+0x88/0x98 -- >8 --
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's NXP-NCI NFC driver, a bug causes a kernel WARN_ON when GPIOs are accessed in atomic context; the fix allows GPIOs to sleep.
Root
Cause
The vulnerability in the Linux kernel's NXP-NCI NFC driver occurs because the driver uses gpiod_set_value() without allowing the GPIO to sleep, triggering a kernel WARN_ON when the GPIO is connected to an I2C GPIO expander that requires sleeping [1]. Since GPIO operations can be called from atomic contexts, the driver must use the gpiod_set_value_cansleep() variant to avoid the warning.
Exploitation
An attacker with local access or the ability to trigger NFC operations (e.g., through the NFC subsystem) can cause the kernel to emit the warning, potentially leading to a denial-of-service condition if repeated. No special privileges are required beyond the ability to interact with the NFC driver.
Impact
While the warning itself does not directly corrupt data, it indicates a kernel bug that could lead to system instability if the GPIO operation fails. The CVSS score of 5.5 (medium) reflects the potential for local denial of service.
Mitigation
The fix has been applied to the Linux kernel stable branches [1]. Users should update to a kernel version that includes the commit c24dcac1a9d1b4fd164898df0c2f5b0adbf81a78 or later.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.4,<5.10.253
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/0c2320c3c860d281cbc2f49fc574c1947a6b9e2anvdPatch
- git.kernel.org/stable/c/2a175bc3c338c6b2bc55004e93dd35a2467bdca2nvdPatch
- git.kernel.org/stable/c/4de9ed2ea22d611b4149969266b45a86ea8daf35nvdPatch
- git.kernel.org/stable/c/548a1bfe591364e63bce4af7c5802bb434efdaf8nvdPatch
- git.kernel.org/stable/c/55dc632ab2ac2889b15995a9eef56c753d48ebc7nvdPatch
- git.kernel.org/stable/c/70662874f646871c2f08ef1cf2544ba9a5f71b96nvdPatch
- git.kernel.org/stable/c/783f05e560d761dee7ff602b97edb0e54f2e9727nvdPatch
- git.kernel.org/stable/c/c24dcac1a9d1b4fd164898df0c2f5b0adbf81a78nvdPatch
News mentions
0No linked articles in our index yet.