CVE-2026-22986

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a race condition within the gpiolib component related to the gdev->srcu. Specifically, when multiple drivers concurrently call gpiochip add data with key(), a scenario can occur where one driver traverses the srcu-protected list in gpio name to desc(), while another has just added its gdev in gpiodev add to list unlocked(). This creates a timeframe where one instance attempts to dereference and use &gdev->srcu before it has been initialized by the other, leading to a kernel crash. The crash is triggered by accessing an uninitialized memory location during the srcu read lock function, as indicated by the call trace. The issue is resolved by reordering initialization code for gdev fields and adjusting goto statements to ensure proper sequencing of operations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.