Time-of-check Time-of-use (TOCTOU) Affecting kernel-rt-64k-core package, versions *


Severity

Recommended
medium

Based on CentOS security rating.

Threat Intelligence

EPSS
0.02% (5th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Time-of-check Time-of-use (TOCTOU) vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CENTOS10-KERNELRT64KCORE-16248397
  • published25 Apr 2026
  • disclosed24 Apr 2026

Introduced: 24 Apr 2026

NewCVE-2026-31572  (opens in a new tab)
CWE-367  (opens in a new tab)

How to fix?

There is no fixed version for Centos:10 kernel-rt-64k-core.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-rt-64k-core package and not the kernel-rt-64k-core package as distributed by Centos. See How to fix? for Centos:10 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

i2c: designware: amdisp: Fix resume-probe race condition issue

Identified resume-probe race condition in kernel v7.0 with the commit 38fa29b01a6a ("i2c: designware: Combine the init functions"),but this issue existed from the beginning though not detected.

The amdisp i2c device requires ISP to be in power-on state for probe to succeed. To meet this requirement, this device is added to genpd to control ISP power using runtime PM. The pm_runtime_get_sync() called before i2c_dw_probe() triggers PM resume, which powers on ISP and also invokes the amdisp i2c runtime resume before the probe completes resulting in this race condition and a NULL dereferencing issue in v7.0

Fix this race condition by using the genpd APIs directly during probe:

  • Call dev_pm_genpd_resume() to Power ON ISP before probe
  • Call dev_pm_genpd_suspend() to Power OFF ISP after probe
  • Set the device to suspended state with pm_runtime_set_suspended()
  • Enable runtime PM only after the device is fully initialized

CVSS Base Scores

version 3.1