ghsa-c243-ghfx-233w
Vulnerability from github
Published
2025-12-24 15:30
Modified
2025-12-24 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

serial: sc16is7xx: setup GPIO controller later in probe

The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the GPIO lines before the sc16is7xx device has finished initialising.

This issue manifests itself as an Oops when the GPIO lines are configured:

Unable to handle kernel read from unreadable memory at virtual address
...
pc : sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]
lr : sc16is7xx_gpio_direction_output+0x4c/0x108 [sc16is7xx]
...
Call trace:
sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]
gpiod_direction_output_raw_commit+0x64/0x318
gpiod_direction_output+0xb0/0x170
create_gpio_led+0xec/0x198
gpio_led_probe+0x16c/0x4f0
platform_drv_probe+0x5c/0xb0
really_probe+0xe8/0x448
driver_probe_device+0xe8/0x138
__device_attach_driver+0x94/0x118
bus_for_each_drv+0x8c/0xe0
__device_attach+0x100/0x1b8
device_initial_probe+0x28/0x38
bus_probe_device+0xa4/0xb0
deferred_probe_work_func+0x90/0xe0
process_one_work+0x1c4/0x480
worker_thread+0x54/0x430
kthread+0x138/0x150
ret_from_fork+0x10/0x1c

This patch moves the setup of the GPIO controller functions to later in the probe function, ensuring the sc16is7xx device has already finished initialising by the time other devices try to make use of the GPIO lines. The error handling has also been reordered to reflect the new initialisation order.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-54118"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T13:16:13Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: setup GPIO controller later in probe\n\nThe GPIO controller component of the sc16is7xx driver is setup too\nearly, which can result in a race condition where another device tries\nto utilise the GPIO lines before the sc16is7xx device has finished\ninitialising.\n\nThis issue manifests itself as an Oops when the GPIO lines are configured:\n\n    Unable to handle kernel read from unreadable memory at virtual address\n    ...\n    pc : sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]\n    lr : sc16is7xx_gpio_direction_output+0x4c/0x108 [sc16is7xx]\n    ...\n    Call trace:\n    sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx]\n    gpiod_direction_output_raw_commit+0x64/0x318\n    gpiod_direction_output+0xb0/0x170\n    create_gpio_led+0xec/0x198\n    gpio_led_probe+0x16c/0x4f0\n    platform_drv_probe+0x5c/0xb0\n    really_probe+0xe8/0x448\n    driver_probe_device+0xe8/0x138\n    __device_attach_driver+0x94/0x118\n    bus_for_each_drv+0x8c/0xe0\n    __device_attach+0x100/0x1b8\n    device_initial_probe+0x28/0x38\n    bus_probe_device+0xa4/0xb0\n    deferred_probe_work_func+0x90/0xe0\n    process_one_work+0x1c4/0x480\n    worker_thread+0x54/0x430\n    kthread+0x138/0x150\n    ret_from_fork+0x10/0x1c\n\nThis patch moves the setup of the GPIO controller functions to later in the\nprobe function, ensuring the sc16is7xx device has already finished\ninitialising by the time other devices try to make use of the GPIO lines.\nThe error handling has also been reordered to reflect the new\ninitialisation order.",
  "id": "GHSA-c243-ghfx-233w",
  "modified": "2025-12-24T15:30:38Z",
  "published": "2025-12-24T15:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54118"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17b96b5c19bec791b433890549e44ca523dc82aa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/49b326ce8a686428d8cbb82ed74fc88ed3f95a51"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b71ff206707855ce73c04794c76f7b678b2d4f72"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8f71b49ee4d28930c4a6798d1969fa91dc4ef3e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f57c2164d082a36d177ab7fbf54c18970df89c22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.