CVE-2022-49072
gpio: Restrict usage of GPIO chip irq members before initialization
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
26 Feb 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
gpio: Restrict usage of GPIO chip irq members before initialization
GPIO chip irq members are exposed before they could be completely
initialized and this leads to race conditions.
One such issue was observed for the gc->irq.domain variable which
was accessed through the I2C interface in gpiochip_to_irq() before
it could be initialized by gpiochip_add_irqchip(). This resulted in
Kernel NULL pointer dereference.
Following are the logs for reference :-
kernel: Call Trace:
kernel: gpiod_to_irq+0x53/0x70
kernel: acpi_dev_gpio_irq_get_by+0x113/0x1f0
kernel: i2c_acpi_get_irq+0xc0/0xd0
kernel: i2c_device_probe+0x28a/0x2a0
kernel: really_probe+0xf2/0x460
kernel: RIP: 0010:gpiochip_to_irq+0x47/0xc0
To avoid such scenarios, restrict usage of GPIO chip irq members before
they are completely initialized.
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/0912cf021fb5749372b3782611d8b1de4986c13ahttps://git.kernel.org/stable/c/2c1fa3614795e2b24da1ba95de0b27b8f6ea4537https://git.kernel.org/stable/c/5467801f1fcbdc46bc7298a84dbf3ca1ff2a7320https://git.kernel.org/stable/c/7e88a50704b0c49ad3f2d11e8b963341cf68a89fhttps://git.kernel.org/stable/c/f8dea54f74cae8c2e4d7b2952e8fed7743a85c87