Linux Kernel GPIO Character Device Event Notification Vulnerability

A vulnerability in the Linux kernel's GPIO character device handling has been addressed. The issue arose because the final call to release a file descriptor could be deferred and processed later, leaving the reference count at zero. This situation created a use-after-free condition, as a GPIO change meant to notify user space could occur after the file descriptor was marked for release but before the release callback was executed. The vulnerability has been fixed by ensuring that the file descriptor is still active before emitting events, using a variant of the file access function that safely handles released descriptors.

Impact

The vulnerability could lead to a use-after-free condition, allowing potential exploitation scenarios such as accessing freed memory, which could be manipulated for arbitrary code execution or causing a system crash.