MEDIUM

CVE-2026-31572

Published: April 24, 2026 · Updated: Apr 27, 2026

CVSS v3.1 base score: 4.7
EPSS: 0.02% probability of exploitation in 30 days (percentile: 4.1)

Official Description

In the Linux kernel, the following vulnerability has been resolved:

i2c: designware: amdisp: Fix resume-probe race condition issue

Identified resume-probe race condition in kernel v7.0 with the commit 38fa29b01a6a ("i2c: designware: Combine the init functions"), but this issue existed from the beginning though not detected.

The amdisp i2c device requires ISP to be in power-on state for probe to succeed. To meet this requirement, this device is added to genpd to control ISP power using runtime PM. The pm_runtime_get_sync() called before i2c_dw_probe() triggers PM resume, which powers on ISP and also invokes the amdisp i2c runtime resume before the probe completes resulting in this race condition and a NULL dereferencing issue in v7.0.

Fix this race condition by using the genpd APIs directly during probe:

- Call dev_pm_genpd_resume() to Power ON ISP before probe
- Call dev_pm_genpd_suspend() to Power OFF ISP after probe
- Set the device to suspended state with pm_runtime_set_suspended()
- Enable runtime PM only after the device is fully initialized

NVD Source
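
The probe ordering from the official description, shown as an added userspace C model; it is not the kernel patch or the driver's code. `struct model_dev`, its `drvdata` field and the `model_*` functions are assumptions standing in for the runtime PM core and for whatever state i2c_dw_probe() initializes, and the model replays the bad ordering deterministically instead of racing.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stddef.h>

struct model_dev {
    bool isp_powered;      /* ISP power domain state (genpd) */
    bool rpm_enabled;      /* runtime PM callbacks can fire only when true */
    bool rpm_suspended;    /* runtime PM status */
    void *drvdata;         /* assumed: state that i2c_dw_probe() sets up */
    int early_resume_hits; /* resume callback ran before that state existed */
};

/* Runtime resume callback; the real one would use the driver state. */
static void model_runtime_resume(struct model_dev *d) {
    if (d->drvdata == NULL) { d->early_resume_hits++; return; } /* kernel: NULL deref */
    d->rpm_suspended = false;
}

/* Models pm_runtime_get_sync(): power the domain, then run the callback. */
static void model_pm_runtime_get_sync(struct model_dev *d) {
    d->isp_powered = true;
    if (d->rpm_enabled) model_runtime_resume(d);
}

/* Models i2c_dw_probe(): needs the ISP powered, then publishes the state. */
static int model_core_probe(struct model_dev *d, void *state) {
    if (!d->isp_powered) return -1;
    d->drvdata = state;
    return 0;
}

/* Ordering before the fix: runtime PM is live while probe is still running. */
static int probe_before_fix(struct model_dev *d, void *state) {
    d->rpm_enabled = true;
    model_pm_runtime_get_sync(d); /* callback fires, drvdata still NULL */
    return model_core_probe(d, state);
}

/* Ordering after the fix: genpd used directly, runtime PM enabled last. */
static int probe_after_fix(struct model_dev *d, void *state) {
    d->isp_powered = true;              /* dev_pm_genpd_resume() */
    int ret = model_core_probe(d, state);
    d->isp_powered = false;             /* dev_pm_genpd_suspend() */
    if (ret) return ret;
    d->rpm_suspended = true;            /* pm_runtime_set_suspended() */
    d->rpm_enabled = true;              /* enable runtime PM only now */
    return 0;
}
```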

Technical Analysis

CVE-2026-31572 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in availability disruption (denial of service), with a CVSS base score of 4.7.

CVSS v3.1 Vector Breakdown

Exploitability
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Impact
Confidentiality: None
Integrity: None
Availability: High

Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Vendors & Products

Linux: 1 product
linux kernel
Source: NVD CPE · 3 total CPE entries

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.

Official Patches & Advisories

All References (3)

Quick Facts

CVE ID: CVE-2026-31572
CVSS Score: 4.7 / 10
Severity: MEDIUM
CISA KEV: No
EPSS (30d): 0.02%
Affected: 1 vendor
Published: Apr 24, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31572 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.