CVE-2026-31741

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> counter: rz-mtu3-cnt: prevent counter from being toggled multiple times<br /> <br /> Runtime PM counter is incremented / decremented each time the sysfs<br /> enable file is written to.<br /> <br /> If user writes 0 to the sysfs enable file multiple times, runtime PM<br /> usage count underflows, generating the following message.<br /> <br /> rz-mtu3-counter rz-mtu3-counter.0: Runtime PM usage count underflow!<br /> <br /> At the same time, hardware registers end up being accessed with clocks<br /> off in rz_mtu3_terminate_counter() to disable an already disabled<br /> channel.<br /> <br /> If user writes 1 to the sysfs enable file multiple times, runtime PM<br /> usage count will be incremented each time, requiring the same number of<br /> 0 writes to get it back to 0.<br /> <br /> If user writes 0 to the sysfs enable file while PWM is in progress, PWM<br /> is stopped without counter being the owner of the underlying MTU3<br /> channel.<br /> <br /> Check against the cached count_is_enabled value and exit if the user<br /> is trying to set the same enable value.