Linux Kernel MCP23S08 Pinctrl Driver Interrupt Handling Vulnerability

A vulnerability in the Linux kernel's MCP23S08 pin control driver can lead to a kernel crash. This issue arises when a chip is probed and the interrupt-on-change feature is enabled on some pins, potentially after a reboot. If a pin generates an interrupt without a registered handler, it can cause a crash by attempting to read from an invalid memory address. This problem has existed but became apparent after a recent commit that changed how interrupt handling works, allowing unhandled interrupts to cause a crash. The vulnerability affects the Linux kernel through version 7.0.0-rc6.

Impact

The vulnerability can cause a kernel crash by allowing unhandled interrupts to disrupt normal processing, leading to a failure in the interrupt handling routine.

Reproduction

To reproduce this vulnerability, probe a chip using the MCP23S08 pin control driver after a reboot, ensuring that the interrupt-on-change feature is enabled on some pins. This will cause the chip to generate interrupts for those pins. If the interrupts are not handled properly, it will lead to a kernel crash.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.