{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31550", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.115Z", "datePublished": "2026-04-24T14:33:17.508Z", "dateUpdated": "2026-05-11T22:10:56.707Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:10:56.707Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: bcm: bcm2835-power: Increase ASB control timeout\n\nThe bcm2835_asb_control() function uses a tight polling loop to wait\nfor the ASB bridge to acknowledge a request. During intensive workloads,\nthis handshake intermittently fails for V3D's master ASB on BCM2711,\nresulting in \"Failed to disable ASB master for v3d\" errors during\nruntime PM suspend. As a consequence, the failed power-off leaves V3D in\na broken state, leading to bus faults or system hangs on later accesses.\n\nAs the timeout is insufficient in some scenarios, increase the polling\ntimeout from 1us to 5us, which is still negligible in the context of a\npower domain transition. Also, replace the open-coded ktime_get_ns()/\ncpu_relax() polling loop with readl_poll_timeout_atomic()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pmdomain/bcm/bcm2835-power.c"], "versions": [{"version": "670c672608a1ffcbc7ac0f872734843593bb8b15", "lessThan": "0e84e74849d2d7e9b23a09c2d5e0d9357db1ca59", "status": "affected", "versionType": "git"}, {"version": "670c672608a1ffcbc7ac0f872734843593bb8b15", "lessThan": "c5e734f6a0740dce92e7c919e632cb43fa5d4e53", "status": "affected", "versionType": "git"}, {"version": "670c672608a1ffcbc7ac0f872734843593bb8b15", "lessThan": "622ab02e955c35c125ff2b65d8327b2c52db8758", "status": "affected", "versionType": "git"}, {"version": "670c672608a1ffcbc7ac0f872734843593bb8b15", "lessThan": "9443202d91388026dbf7312972a74fbfd27ee82f", "status": "affected", "versionType": "git"}, {"version": "670c672608a1ffcbc7ac0f872734843593bb8b15", "lessThan": "ea4fa54b83bb2e4a21e9026824bfe271b1a6ee1e", "status": "affected", "versionType": "git"}, {"version": "670c672608a1ffcbc7ac0f872734843593bb8b15", "lessThan": "18605b1b936b66b1f34dcf8e9ad4f1fbcf7a7c13", "status": "affected", "versionType": "git"}, {"version": "670c672608a1ffcbc7ac0f872734843593bb8b15", "lessThan": "572f17180f26619809b8e0593d926762aa8660ff", "status": "affected", "versionType": "git"}, {"version": "670c672608a1ffcbc7ac0f872734843593bb8b15", "lessThan": "b826d2c0b0ecb844c84431ba6b502e744f5d919a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pmdomain/bcm/bcm2835-power.c"], "versions": [{"version": "5.1", "status": "affected"}, {"version": "0", "lessThan": "5.1", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.78", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "6.12.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0e84e74849d2d7e9b23a09c2d5e0d9357db1ca59"}, {"url": "https://git.kernel.org/stable/c/c5e734f6a0740dce92e7c919e632cb43fa5d4e53"}, {"url": "https://git.kernel.org/stable/c/622ab02e955c35c125ff2b65d8327b2c52db8758"}, {"url": "https://git.kernel.org/stable/c/9443202d91388026dbf7312972a74fbfd27ee82f"}, {"url": "https://git.kernel.org/stable/c/ea4fa54b83bb2e4a21e9026824bfe271b1a6ee1e"}, {"url": "https://git.kernel.org/stable/c/18605b1b936b66b1f34dcf8e9ad4f1fbcf7a7c13"}, {"url": "https://git.kernel.org/stable/c/572f17180f26619809b8e0593d926762aa8660ff"}, {"url": "https://git.kernel.org/stable/c/b826d2c0b0ecb844c84431ba6b502e744f5d919a"}], "title": "pmdomain: bcm: bcm2835-power: Increase ASB control timeout", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A7963C2-E27E-41F4-A575-6430E58CBEED", "versionEndExcluding": "5.10.253", "versionStartIncluding": "5.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20DDB3E9-AABF-4107-ADB0-5362AA067045", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EDC6BAF-B710-4E26-B6AA-D68922EE7B43", "versionEndExcluding": "6.1.167", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267", "versionEndExcluding": "6.6.130", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "28D591F5-B196-4CC9-905C-DC80F116E7A8", "versionEndExcluding": "6.12.78", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5571059-6552-48E7-9BEF-3E358C387171", "versionEndExcluding": "6.18.20", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "96D34333-38BE-4414-9E79-6EB764329581", "versionEndExcluding": "6.19.10", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.1:-:*:*:*:*:*:*", "matchCriteriaId": "D89FA266-EDB9-412A-B18E-1B5A0FCC3C0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: bcm: bcm2835-power: Increase ASB control timeout\n\nThe bcm2835_asb_control() function uses a tight polling loop to wait\nfor the ASB bridge to acknowledge a request. During intensive workloads,\nthis handshake intermittently fails for V3D's master ASB on BCM2711,\nresulting in \"Failed to disable ASB master for v3d\" errors during\nruntime PM suspend. As a consequence, the failed power-off leaves V3D in\na broken state, leading to bus faults or system hangs on later accesses.\n\nAs the timeout is insufficient in some scenarios, increase the polling\ntimeout from 1us to 5us, which is still negligible in the context of a\npower domain transition. Also, replace the open-coded ktime_get_ns()/\ncpu_relax() polling loop with readl_poll_timeout_atomic()."}], "id": "CVE-2026-31550", "lastModified": "2026-04-27T20:15:37.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T15:16:29.207", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0e84e74849d2d7e9b23a09c2d5e0d9357db1ca59"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/18605b1b936b66b1f34dcf8e9ad4f1fbcf7a7c13"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/572f17180f26619809b8e0593d926762aa8660ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/622ab02e955c35c125ff2b65d8327b2c52db8758"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9443202d91388026dbf7312972a74fbfd27ee82f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b826d2c0b0ecb844c84431ba6b502e744f5d919a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c5e734f6a0740dce92e7c919e632cb43fa5d4e53"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea4fa54b83bb2e4a21e9026824bfe271b1a6ee1e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: pmdomain: bcm: bcm2835-power: Increase ASB control timeout", "id": "2461504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461504"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-821", "details": ["A flaw was found in the Linux kernel's bcm2835-power component. An insufficient timeout during the ASB (Advanced System Bus) bridge control process, particularly under heavy system load, can prevent the V3D graphics processor from properly disabling. This can leave the V3D in an unstable state, potentially leading to system bus faults or complete system hangs, thereby impacting system availability."], "name": "CVE-2026-31550", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31550\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31550\nhttps://lore.kernel.org/linux-cve-announce/2026042426-CVE-2026-31550-17d2@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[670c672608a1ffcbc7ac0f872734843593bb8b15,0e84e74849d2d7e9b23a09c2d5e0d9357db1ca59)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[670c672608a1ffcbc7ac0f872734843593bb8b15,c5e734f6a0740dce92e7c919e632cb43fa5d4e53)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[670c672608a1ffcbc7ac0f872734843593bb8b15,622ab02e955c35c125ff2b65d8327b2c52db8758)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[670c672608a1ffcbc7ac0f872734843593bb8b15,9443202d91388026dbf7312972a74fbfd27ee82f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[670c672608a1ffcbc7ac0f872734843593bb8b15,ea4fa54b83bb2e4a21e9026824bfe271b1a6ee1e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[670c672608a1ffcbc7ac0f872734843593bb8b15,18605b1b936b66b1f34dcf8e9ad4f1fbcf7a7c13)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[670c672608a1ffcbc7ac0f872734843593bb8b15,572f17180f26619809b8e0593d926762aa8660ff)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[670c672608a1ffcbc7ac0f872734843593bb8b15,b826d2c0b0ecb844c84431ba6b502e744f5d919a)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,5.1)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.253,5.11.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.203,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.78,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.20,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T14:17:11.564965+00:00", "value": {"mitigation_remediation": ["Update the running kernel to a version that includes the patch which increases the ASB control timeout and replaces the polling loop with readl_poll_timeout_atomic().", "After upgrading, reboot the system to load the updated driver and confirm that V3D can suspend and resume without generating \u201cFailed to disable ASB master for v3d\u201d errors.", "Test runtime power\u2011management on the device by performing a suspend/resume cycle under load to ensure the error no longer occurs. If an upgrade is not immediately viable, temporarily disable runtime PM for the V3D device to avoid the fault."], "summary": {"action": "Apply Patch", "impact": "Denial of Service via bus faults or system hangs"}, "threat_synthesis": {"affected_systems": "All Linux kernel releases that support the BCM2835 power domain, including kernel 5.1 and every 7.0 release candidate through 7.0 rc7, are potentially affected. The flaw exists in the BCM2835 module that interfaces with the V3D master ASB on BCM2711 devices, i.e. Raspberry\u202fPi and similar Broadcom SoC boards.", "description_and_impact": "The BCM2835 power domain driver on Broadcom BCM2711 contains a tight polling loop that waits for the ASB bridge to acknowledge control requests. During periods of intensive workload, this handshake can fail, causing the kernel to report \"Failed to disable ASB master for v3d\" during runtime power\u2011management suspend. When these handshakes fail, the V3D device is left in a broken state, leading to bus faults or complete system hangs on subsequent accesses. As the issue originates in kernel code and manifests as a loss of device functionality, the primary impact is a denial of service on the affected system, reducing overall stability and availability. The requirement for local or privileged kernel access and the attack vector are inferred from the description.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity vulnerability. The EPSS score is below 1%, suggesting a low likelihood of widespread exploitation. The issue is not indexed in the CISA KEV catalog, further indicating limited known exploitation activity. The vulnerability requires local or privileged kernel access to trigger, typically by initiating a power\u2011management suspend while the system is under heavy load. Because it is a kernel bug that causes a hardware resource to remain in a failed state, exploitation does not yield arbitrary code execution but results in services hanging or the system becoming unstable. Therefore, the risk is primarily confidentiality\u2011side effects are negligible, but integrity and availability are impacted when the fault is triggered. The attack vector is likely local with privileged kernel access, inferred from the need to trigger a power\u2011management suspend."}}}}, "created": "2026-04-27T19:15:11.621909+00:00", "updated": "2026-04-28T14:30:33.740620+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}