PT-2025-8364 · Linux+4 · Linux Kernel+4

Published

2022-01-01

Updated

2026-03-14

CVE-2022-49430

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.18.0-rc5-arm64-renesas-00116-g73636105874d-dirty #166

Description A vulnerability has been resolved in the Linux kernel. The issue is related to the gpio-keys module, which can either accept gpios or interrupts. The module initializes delayed work in case of gpios only and is only used if the debounce timer is not used. The vulnerability occurs when the gpio keys module is unloaded and an interrupt pin is used instead of GPIO, causing a warning and a call trace.

Recommendations For Linux kernel versions prior to 5.18.0-rc5-arm64-renesas-00116-g73636105874d-dirty #166, update to a newer version that includes the fix for this issue. As a temporary workaround, consider disabling the gpio keys module when using interrupt pins instead of GPIO to minimize the risk of exploitation.

Exploit

Fix

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

BDU:2026-02219

CVE-2022-49430

RHSA-2024:9315

RHSA-2024_9315

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Debian

Linux Kernel

Red Hat

Suse

PT-2025-8364 · Linux+4 · Linux Kernel+4

CVE-2022-49430

Weakness Enumeration

Related Identifiers

Affected Products

References · 1336