CVE-2024-47141

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.74

Description: The issue arises when two clients of the same gpio call pinctrl select state() for the same functionality, resulting in a NULL pointer issue while accessing desc->mux owner. This occurs because two processes, A and B, executing in pin request() for the same pin, can cause a situation where process A updates desc->mux usecount but not desc->mux owner, while process B sees the updated desc->mux usecount and attempts to access desc->mux owner, leading to a crash with a NULL pointer. The access to mux related settings is serialized with a mutex lock to resolve this issue.

Recommendations: To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider implementing a mutex lock to serialize access to the mux related settings, specifically around the pinctrl select state() and pin request() functions, to prevent concurrent modifications to desc->mux usecount and desc->mux owner.