VYPR
Medium severity5.5NVD Advisory· Published May 1, 2026· Updated May 7, 2026

CVE-2026-31740

CVE-2026-31740

Description

In the Linux kernel, the following vulnerability has been resolved:

counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member

The counter driver can use HW channels 1 and 2, while the PWM driver can use HW channels 0, 1, 2, 3, 4, 6, 7.

The dev member is assigned both by the counter driver and the PWM driver for channels 1 and 2, to their own struct device instance, overwriting the previous value.

The sub-drivers race to assign their own struct device pointer to the same struct rz_mtu3_channel's dev member.

The dev member of struct rz_mtu3_channel is used by the counter sub-driver for runtime PM.

Depending on the probe order of the counter and PWM sub-drivers, the dev member may point to the wrong struct device instance, causing the counter sub-driver to do runtime PM actions on the wrong device.

To fix this, use the parent pointer of the counter, which is assigned during probe to the correct struct device, not the struct device pointer inside the shared struct rz_mtu3_channel.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Linux/Kernel7 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.4,<6.6.134
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.