-

CVE-2025-38632

In the Linux kernel, the following vulnerability has been resolved:

pinmux: fix race causing mux_owner NULL with active mux_usecount

commit 5a3e85c3c397 ("pinmux: Use sequential access to access
desc->pinmux data") tried to address the issue when two client of the
same gpio calls pinctrl_select_state() for the same functionality, was
resulting in NULL pointer issue while accessing desc->mux_owner.
However, issue was not completely fixed due to the way it was handled
and it can still result in the same NULL pointer.

The issue occurs due to the following interleaving:

     cpu0 (process A)                   cpu1 (process B)

      pin_request() {                   pin_free() {

                                         mutex_lock()
                                         desc->mux_usecount--; //becomes 0
                                         ..
                                         mutex_unlock()

  mutex_lock(desc->mux)
  desc->mux_usecount++; // becomes 1
  desc->mux_owner = owner;
  mutex_unlock(desc->mux)

                                         mutex_lock(desc->mux)
                                         desc->mux_owner = NULL;
                                         mutex_unlock(desc->mux)

This sequence leads to a state where the pin appears to be in use
(`mux_usecount == 1`) but has no owner (`mux_owner == NULL`), which can
cause NULL pointer on next pin_request on the same pin.

Ensure that updates to mux_usecount and mux_owner are performed
atomically under the same lock. Only clear mux_owner when mux_usecount
reaches zero and no new owner has been assigned.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 9b2a3e7189028aa7c4d53a84364f2ea9fb209787
Version 2da32aed4a97ca1d70fb8b77926f72f30ce5fb4b
Status affected
Version < 9ea3f6b9a67be3476e331ce51cac316c2614a564
Version c11e2ec9a780f54982a187ee10ffd1b810715c85
Status affected
Version < b7bd6e3971eb7f0e34d2fdce1b18b08094e0c804
Version 5a3e85c3c397c781393ea5fb2f45b1f60f8a4e6e
Status affected
Version < 22b585cbd67d14df3b91529d1b990661c300faa9
Version 5a3e85c3c397c781393ea5fb2f45b1f60f8a4e6e
Status affected
Version < 0b075c011032f88d1cfde3b45d6dcf08b44140eb
Version 5a3e85c3c397c781393ea5fb2f45b1f60f8a4e6e
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.13
Status affected
Version < 6.13
Version 0
Status unaffected
Version <= 6.6.*
Version 6.6.102
Status unaffected
Version <= 6.12.*
Version 6.12.42
Status unaffected
Version <= 6.15.*
Version 6.15.10
Status unaffected
Version <= 6.16.*
Version 6.16.1
Status unaffected
Version <= *
Version 6.17-rc1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.055
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String