Linux Kernel GPIO Regulator Out-of-Bounds Access Vulnerability

Vulnerability

A vulnerability in the Linux kernel's GPIO regulator handling has been addressed. The issue stemmed from an out-of-bounds access to the driver data's GPIO descriptor array. The memory was allocated for only a single pointer, leading to potential out-of-bounds access if the configuration specified more than one GPIO. The vulnerability has been fixed by ensuring that enough memory is allocated to accommodate the specified number of GPIO descriptors. Additionally, the error handling for memory allocation failures has been improved for better readability.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing undefined behavior such as memory corruption or application crashes.

Added: Jul 25, 2025, 1:44 PM

Updated: Jul 25, 2025, 6:15 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel GPIO Regulator Out-of-Bounds Access Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating