Linux Kernel GPIO Sysfs Chip Removal Vulnerability

A vulnerability in the Linux kernel's GPIO sysfs management has been addressed. When a GPIO is exported over sysfs and the parent GPIO controller is unbound, the exported attribute remains under /sys/class/gpio. This occurs because once the parent device is removed, the descriptor can no longer be associated with it, preventing the final reference from being released. The vulnerability arises during the chip removal process, where exported GPIOs are not properly unregistered, leading to a lingering presence in the sysfs interface.

Impact

The vulnerability could result in exported GPIOs not being properly unregistered when the parent GPIO controller is removed, potentially leading to resource leaks or inconsistent device states.

Reproduction

To reproduce this issue, export a GPIO over sysfs and then unbind the parent GPIO controller. The exported GPIO will remain listed under /sys/class/gpio, as the removal of the parent device disrupts the association needed to properly unexport the GPIO. This can be verified by checking the sysfs GPIO class after the unbinding process.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.