Primary

Context

Linux Kernel Pinctrl Qcom MSM GPIO Interrupt Validation Vulnerability

Vulnerability

Patched

A vulnerability in the Linux kernel's pinctrl Qualcomm MSM driver allows user-space to crash the kernel by sending invalid GPIO interrupt requests. This issue arises on some platforms where the UFS-reset pin, lacking interrupt logic, is incorrectly registered as a GPIO. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a kernel crash, caused by an invalid GPIO interrupt request from user-space.

Reproduction

The vulnerability can be reproduced by using the 'gpiomon' command to monitor a GPIO pin that has been improperly configured to handle interrupts. This will trigger a BUG() in the pinctrl-msm driver, causing a kernel crash.

Remediation

The vulnerability has been addressed in the official Linux Git repository. Users can upgrade to the latest version to apply the fix.

Added: Aug 16, 2025, 11:22 AM

Updated: Aug 16, 2025, 11:22 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

7.7

relevance

0.3

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

7.7

relevance

0.3

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Pinctrl Qcom MSM GPIO Interrupt Validation Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating