Improper resource shutdown or release in Linux kernel - CVE-2026-31763
Published: May 2, 2026
Vulnerability identifier: #VU128930
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31763
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource shutdown or release in the mpu3050 gyroscope driver IRQ teardown logic when removing the driver or tearing down IRQ handling. A local user can trigger the vulnerable code path to cause a denial of service.
How to mitigate CVE-2026-31763
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/11f7cd960f05b3f06747abfdc4e56dd0d8b8a157
- https://git.kernel.org/stable/c/2821f7b62c5b3633c4923c7e4f742380897cd511
- https://git.kernel.org/stable/c/8001b42fbd5e510dced3a25665019982c99bc708
- https://git.kernel.org/stable/c/8631e755fc07b651b5d158cc3656ef76cc874068
- https://git.kernel.org/stable/c/a09171d3f23e13bccd3dc34863186707c6301071
- https://git.kernel.org/stable/c/ac1233397f4cfe55d71f6aa459b42c256c951531
- https://git.kernel.org/stable/c/edb11a1aef4011a4b7b22cc3c3396c6fe371f4a6
- https://git.kernel.org/stable/c/fdbe4b5268cd41f9953d25a67d139e47cac34519