counter: rz-mtu3-cnt: prevent counter from being toggled multiple times

CVE	CVE-2026-31741
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-01 15:16:36 UTC
Updated	2026-05-07 19:55:42 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: prevent counter from being toggled multiple times Runtime PM counter is incremented / decremented each time the sysfs enable file is written to. If user writes 0 to the sysfs enable file multiple times, runtime PM usage count underflows, generating the following message. rz-mtu3-counter rz-mtu3-counter.0: Runtime PM usage count underflow! At the same time, hardware registers end up being accessed with clocks off in rz_mtu3_terminate_counter() to disable an already disabled channel. If user writes 1 to the sysfs enable file multiple times, runtime PM usage count will be incremented each time, requiring the same number of 0 writes to get it back to 0. If user writes 0 to the sysfs enable file while PWM is in progress, PWM is stopped without counter being the owner of the underlying MTU3 channel. Check against the cached count_is_enabled value and exit if the user is trying to set the same enable value.

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.000180000 probability, percentile 0.048290000 (date 2026-05-05)

Problem Types: NVD-CWE-Other

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected 0be8907359df4c62319f5cb2c6981ff0d9ebf35a 885aa739a07ab45e90dfa997205acec97979ce4e git	Not specified
CNA	Linux	Linux	affected 0be8907359df4c62319f5cb2c6981ff0d9ebf35a ced8b48420eddb1251f93c22dc23fa136490b3cd git	Not specified
CNA	Linux	Linux	affected 0be8907359df4c62319f5cb2c6981ff0d9ebf35a e07237df8538b0ae98dce112e4f6db093d767f80 git	Not specified
CNA	Linux	Linux	affected 0be8907359df4c62319f5cb2c6981ff0d9ebf35a f5f6f06d7e6d262026578b59ba7426eb04acce5d git	Not specified
CNA	Linux	Linux	affected 0be8907359df4c62319f5cb2c6981ff0d9ebf35a 67c3f99bed6f422ba343d2b70a2eeeccdfd91bef git	Not specified
CNA	Linux	Linux	affected 6.4	Not specified
CNA	Linux	Linux	unaffected 6.4 semver	Not specified
CNA	Linux	Linux	unaffected 6.6.134 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.81 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.22 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.12 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

Reference	Source	Link	Tags
git.kernel.org/stable/c/67c3f99bed6f422ba343d2b70a2eeeccdfd91bef	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/f5f6f06d7e6d262026578b59ba7426eb04acce5d	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/ced8b48420eddb1251f93c22dc23fa136490b3cd	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/e07237df8538b0ae98dce112e4f6db093d767f80	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/885aa739a07ab45e90dfa997205acec97979ce4e	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.