CVE-2026-31761
Published: 01 May 2026
Summary
CVE-2026-31761 is a high-severity Race Condition (CWE-362) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, prioritization, and remediation of flaws like CVE-2026-31761 through kernel patches that relocate iio_device_register() to the end of the probe function.
Minimizes exposure by configuring systems to disable unnecessary kernel drivers like the vulnerable MPU3050 gyroscope driver if not required.
Enables scanning and monitoring to identify Linux kernel versions affected by the MPU3050 driver race condition vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Race condition in Linux kernel IIO/MPU3050 driver probe allows local low-privileged attacker to trigger concurrent access before initialization, directly enabling arbitrary code execution and full C/I/A impact (CVSS 7.8 local). This maps to exploitation of a software vulnerability for privilege escalation to kernel/root context.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Move iio_device_register() to correct location iio_device_register() should be at the end of the probe function to prevent race conditions. Place iio_device_register() at the end of the probe…
more
function and place iio_device_unregister() accordingly.
Deeper analysisAI
CVE-2026-31761 is a race condition vulnerability in the Linux kernel's Industrial I/O (IIO) subsystem, specifically within the MPU3050 gyroscope driver. The flaw occurs because the iio_device_register() function is invoked too early in the probe function, potentially exposing the device to concurrent access issues before full initialization. It affects Linux kernel versions prior to the application of the referenced stable patches and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability through low-complexity means without requiring user interaction. Exploitation involves triggering the race condition during device probing, which could allow the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution or system disruption within the context of the affected driver.
Mitigation is provided through kernel patches in multiple stable branches, which relocate iio_device_register() to the end of the probe function and position iio_device_unregister() accordingly to eliminate the race. These fixes are available in the following commits: https://git.kernel.org/stable/c/051ca43b0e0e4b66bfd349cd53ccf231ad1d69b7, https://git.kernel.org/stable/c/22487ef85f6dd9499ddf49b85a08afc50a3f1992, https://git.kernel.org/stable/c/2a4537653d200fda2a8516083459f8ff6194f8fc, https://git.kernel.org/stable/c/4c05799449108fb0e0a6bd30e65fffc71e60db4d, and https://git.kernel.org/stable/c/59a317f8215674c8330817770497301bfb2c1b99. Security practitioners should update to kernels incorporating these changes.
Details
- CWE(s)