CVE-2026-31480

Name	CVE-2026-31480
Description	In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock in cpu hotplug with osnoise The following sequence may leads deadlock in cpu hotplug: task1 task2 task3 ----- ----- ----- mutex_lock(&interface_lock) [CPU GOING OFFLINE] cpus_write_lock(); osnoise_cpu_die(); kthread_stop(task3); wait_for_completion(); osnoise_sleep(); mutex_lock(&interface_lock); cpus_read_lock(); [DEAD LOCK] Fix by swap the order of cpus_read_lock() and mutex_lock(&interface_lock).
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	fixed
	bullseye (security)	5.10.251-1	fixed
	bookworm	6.1.159-1	vulnerable
	bookworm (security)	6.1.164-1	vulnerable
	trixie	6.12.73-1	vulnerable
	trixie (security)	6.12.74-2	vulnerable
	forky	6.19.11-1	fixed
	sid	6.19.13-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
linux	source	bullseye	(not affected)
linux	source	(unstable)	6.19.11-1

[bullseye] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/1f9885732248d22f788e4992c739a98c88ab8a55 (7.0-rc6)