Cyber Resilience

CVE-2026-31761

High

Published: 01 May 2026

Modified: 08 May 2026
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-31761 is a high-severity race condition (CWE-362) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 2.7th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-31761 is a race condition vulnerability in the Linux kernel's Industrial I/O (IIO) subsystem, specifically within the MPU3050 gyroscope driver. The flaw occurs because the iio_device_register() function is invoked too early in the probe function, potentially exposing the device to concurrent access issues before full initialization. It affects Linux kernel versions prior to the application of the referenced stable patches and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability through low-complexity means without requiring user interaction. Exploitation involves triggering the race condition during device probing, which could allow the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution or system disruption within the context of the affected driver.

Mitigation is provided through kernel patches in multiple stable branches, which relocate iio_device_register() to the end of the probe function and position iio_device_unregister() accordingly to eliminate the race. These fixes are available in the following commits: https://git.kernel.org/stable/c/051ca43b0e0e4b66bfd349cd53ccf231ad1d69b7, https://git.kernel.org/stable/c/22487ef85f6dd9499ddf49b85a08afc50a3f1992, https://git.kernel.org/stable/c/2a4537653d200fda2a8516083459f8ff6194f8fc, https://git.kernel.org/stable/c/4c05799449108fb0e0a6bd30e65fffc71e60db4d, and https://git.kernel.org/stable/c/59a317f8215674c8330817770497301bfb2c1b99. Security practitioners should update to kernels incorporating these changes.
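
The ordering issue described above, modelled in userspace C as an added example (it is not the kernel driver's code or the upstream patch). All `model_*` names are hypothetical, and the concurrent access is checked synchronously at every state change so that the window is deterministic rather than timing dependent.

```c
/* Userspace model of the probe-ordering bug (constructed, not kernel code).
 * All model_* names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct model_dev {
    bool hw_ready;   /* setup the probe function must finish */
    bool visible;    /* true while the device is registered */
    int  bad_access; /* accesses that hit a visible, unready device */
};

/* Stand-in for another task touching the device. A real race is timing
 * dependent; checking at every state change makes the window deterministic. */
static void model_check(struct model_dev *d)
{
    if (d->visible && !d->hw_ready)
        d->bad_access++;
}
static void model_register(struct model_dev *d)   { d->visible = true;   model_check(d); }
static void model_unregister(struct model_dev *d) { d->visible = false;  model_check(d); }
static void model_setup(struct model_dev *d)      { d->hw_ready = true;  model_check(d); }
static void model_teardown(struct model_dev *d)   { d->hw_ready = false; model_check(d); }

typedef void (*model_step)(struct model_dev *);
/* Register first, finish setup afterwards: the ordering the fix removes. */
const model_step REGISTER_EARLY[4] = { model_register, model_setup, model_unregister, model_teardown };
/* Register last in probe, unregister first on removal. */
const model_step REGISTER_LAST[4] = { model_setup, model_register, model_unregister, model_teardown };
/* Teardown while still registered: the same window on the way out. */
const model_step TEARDOWN_FIRST[4] = { model_setup, model_register, model_teardown, model_unregister };

/* Run four lifecycle steps in order; return how many bad accesses occurred. */
int model_run(const model_step steps[4])
{
    struct model_dev d = { false, false, 0 };
    for (int i = 0; i < 4; i++)
        steps[i](&d);
    return d.bad_access;
}

int main(void)
{
    printf("early=%d last=%d teardown_first=%d\n", model_run(REGISTER_EARLY),
           model_run(REGISTER_LAST), model_run(TEARDOWN_FIRST));
    return 0;
}
```

Only the register-last, unregister-first sequence leaves no point at which the device is reachable while its setup is incomplete.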

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

iio: gyro: mpu3050: Move iio_device_register() to correct location

iio_device_register() should be at the end of the probe function to prevent race conditions. Place iio_device_register() at the end of the probe function and place iio_device_unregister() accordingly.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A race condition in the Linux kernel IIO/MPU3050 driver probe allows a local low-privileged attacker to trigger concurrent access before initialization, directly enabling arbitrary code execution and full C/I/A impact (CVSS 7.8, local). This maps to exploitation of a software vulnerability for privilege escalation to kernel/root context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23004 (same product: Linux kernel)
CVE-2026-23161 (same product: Linux kernel)
CVE-2026-31700 (same product: Linux kernel)
CVE-2026-23240 (same product: Linux kernel)
CVE-2026-23271 (same product: Linux kernel)
CVE-2026-23393 (same product: Linux kernel)
CVE-2026-31516 (same product: Linux kernel)
CVE-2026-23169 (same product: Linux kernel)
CVE-2026-23410 (same product: Linux kernel)
CVE-2026-23239 (same product: Linux kernel)

Affected Assets

linux
linux kernel
7.0 · 4.10 — 5.10.253 · 5.11 — 5.15.203 · 5.16 — 6.1.168

Mitigating Controls (NIST 800-53 r5)

prevent

Requires timely identification, prioritization, and remediation of flaws like CVE-2026-31761 through kernel patches that relocate iio_device_register() to the end of the probe function.

prevent

Minimizes exposure by configuring systems to disable unnecessary kernel drivers like the vulnerable MPU3050 gyroscope driver if not required.

detect

Enables scanning and monitoring to identify Linux kernel versions affected by the MPU3050 driver race condition vulnerability.

References