CVE-2026-31486

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hwmon: (pmbus/core) Protect regulator operations with mutex<br /> <br /> The regulator operations pmbus_regulator_get_voltage(),<br /> pmbus_regulator_set_voltage(), and pmbus_regulator_list_voltage()<br /> access PMBus registers and shared data but were not protected by<br /> the update_lock mutex. This could lead to race conditions.<br /> <br /> However, adding mutex protection directly to these functions causes<br /> a deadlock because pmbus_regulator_notify() (which calls<br /> regulator_notifier_call_chain()) is often called with the mutex<br /> already held (e.g., from pmbus_fault_handler()). If a regulator<br /> callback then calls one of the now-protected voltage functions,<br /> it will attempt to acquire the same mutex.<br /> <br /> Rework pmbus_regulator_notify() to utilize a worker function to<br /> send notifications outside of the mutex protection. Events are<br /> stored as atomics in a per-page bitmask and processed by the worker.<br /> <br /> Initialize the worker and its associated data during regulator<br /> registration, and ensure it is cancelled on device removal using<br /> devm_add_action_or_reset().<br /> <br /> While at it, remove the unnecessary include of linux/of.h.