CVE-2022-50453

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to GPIO character device handling. Specifically, a NULL-pointer dereference can occur when requesting lines, unbinding the GPIO device, and then calling system calls such as ioctl(), read(), or poll(). This issue impacts both version 1 and version 2 of the user-space API (uAPI). The problem arises from a race condition where a device might be removed after a NULL check, leading to a potential kernel crash. This can affect GPIO devices capable of hot-unplugging, including HID GPIO expanders like the CP2112, and was observed with the GPIO simulator.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.