Linux Kernel GPIO Chip IRQ Initialization Race Condition Vulnerability

Vulnerability

A race condition has been identified in the Linux kernel's GPIO (General Purpose Input/Output) subsystem. The IRQ (interrupt request) members of a GPIO chip are exposed before they are fully initialized, which can lead to NULL pointer dereferences in the kernel. The issue was observed when 'gc->irq.domain' was accessed via the I2C interface before 'gpiochip_add_irqchip()' had initialized it, so a lookup that won the race dereferenced a NULL pointer.
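The ordering problem described above, modelled in user-space C as an added example; it is not kernel code and not taken from the upstream fix. All `model_*` names, the `initialized` flag and the retry code are assumptions of this example, showing one common way to keep half-initialized members from being dereferenced.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define MODEL_EPROBE_DEFER 517 /* "retry later" code, redefined for this model */

/* Hypothetical stand-ins for the structures named in the advisory. */
struct model_irq_domain { int base; };
struct model_gpio_chip {
    struct {
        struct model_irq_domain *domain; /* NULL until setup finishes */
        atomic_bool initialized;         /* written last, release ordering */
    } irq;
};

/* Setup path: fill in every IRQ member first, then publish the flag. */
void model_add_irqchip(struct model_gpio_chip *gc, struct model_irq_domain *d)
{
    gc->irq.domain = d;
    atomic_store_explicit(&gc->irq.initialized, true, memory_order_release);
}

/* Unguarded lookup, the pattern in the advisory: faults if domain is NULL. */
int model_to_irq_unguarded(struct model_gpio_chip *gc, unsigned int offset)
{
    return gc->irq.domain->base + (int)offset;
}

/* Guarded lookup: a caller that arrives too early is told to retry. */
int model_to_irq_guarded(struct model_gpio_chip *gc, unsigned int offset)
{
    if (!atomic_load_explicit(&gc->irq.initialized, memory_order_acquire))
        return -MODEL_EPROBE_DEFER;
    return gc->irq.domain->base + (int)offset;
}

/* Replays the ordering: one lookup before IRQ setup, one after. */
void model_replay(int *early, int *late)
{
    static struct model_irq_domain dom = { .base = 100 }; /* constructed */
    struct model_gpio_chip gc = { .irq = { .domain = NULL } };
    atomic_init(&gc.irq.initialized, false);
    *early = model_to_irq_guarded(&gc, 3); /* chip visible, IRQ not ready */
    model_add_irqchip(&gc, &dom);
    *late = model_to_irq_guarded(&gc, 3);  /* IRQ members published */
}

int main(void) { int e, l; model_replay(&e, &l); printf("%d %d\n", e, l); return 0; }
```

Calling `model_to_irq_unguarded()` in place of the guarded lookup at the early point would dereference the NULL `domain`, which is the crash the advisory describes.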

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference in the kernel, causing a crash or denial of service.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.