CVE-2024-47141
Published: Jan 11, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc->pinmux data When two client of the same gpio call pinctrl_select_state() for the same functionality, we are seeing NULL pointer issue while accessing desc->mux_owner. Let's say two processes A, B executing in pin_request() for the same pin and process A updates the desc->mux_usecount but not yet updated the desc->mux_owner while process B see the desc->mux_usecount which got updated by A path and further executes strcmp and while accessing desc->mux_owner it crashes with NULL pointer. Serialize the access to mux related setting with a mutex lock. cpu0 (process A) cpu1(process B) pinctrl_select_state() { pinctrl_select_state() { pin_request() { pin_request() { ... .... } else { desc->mux_usecount++; desc->mux_usecount && strcmp(desc->mux_owner, owner)) { if (desc->mux_usecount > 1) return 0; desc->mux_owner = owner; } }
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 - < 2da32aed4a97ca1d70fb8b77926f72f30ce5fb4baffected 42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 - < c11e2ec9a780f54982a187ee10ffd1b810715c85affected 42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 - < 5a3e85c3c397c781393ea5fb2f45b1f60f8a4e6e |
Linux | Linux | affected 3.10unaffected 0 - < 3.10unaffected 6.6.66 - <= 6.6.*unaffected 6.12.5 - <= 6.12.*unaffected 6.13 - <= * |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now