Bug 2348209 (CVE-2022-49072) - CVE-2022-49072 kernel: gpio: Restrict usage of GPIO chip irq members before initialization
Summary: CVE-2022-49072 kernel: gpio: Restrict usage of GPIO chip irq members before i...
Keywords:
Status: NEW
Alias: CVE-2022-49072
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:21 UTC by OSIDB Bzimport
Modified: 2025-05-21 15:39 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:21:26 UTC 
In the Linux kernel, the following vulnerability has been resolved:

gpio: Restrict usage of GPIO chip irq members before initialization

GPIO chip irq members are exposed before they could be completely
initialized and this leads to race conditions.

One such issue was observed for the gc->irq.domain variable which
was accessed through the I2C interface in gpiochip_to_irq() before
it could be initialized by gpiochip_add_irqchip(). This resulted in
Kernel NULL pointer dereference.

Following are the logs for reference :-

kernel: Call Trace:
kernel:  gpiod_to_irq+0x53/0x70
kernel:  acpi_dev_gpio_irq_get_by+0x113/0x1f0
kernel:  i2c_acpi_get_irq+0xc0/0xd0
kernel:  i2c_device_probe+0x28a/0x2a0
kernel:  really_probe+0xf2/0x460
kernel: RIP: 0010:gpiochip_to_irq+0x47/0xc0

To avoid such scenarios, restrict usage of GPIO chip irq members before
they are completely initialized.
Comment 1 Avinash Hanwate 2025-02-26 13:23:18 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022655-CVE-2022-49072-8479@gregkh/T
Comment 5 Avinash Hanwate 2025-02-26 17:37:37 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022655-CVE-2022-49072-8479@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.