CVE-2022-48660

gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully

Description

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully When running gpio test on nxp-ls1028 platform with below command gpiomon --num-events=3 --rising-edge gpiochip1 25 There will be a warning trace as below: Call trace: free_irq+0x204/0x360 lineevent_free+0x64/0x70 gpio_ioctl+0x598/0x6a0 __arm64_sys_ioctl+0xb4/0x100 invoke_syscall+0x5c/0x130 ...... el0t_64_sync+0x1a0/0x1a4 The reason of this issue is that calling request_threaded_irq() function failed, and then lineevent_free() is invoked to release the resource. Since the lineevent_state::irq was already set, so the subsequent invocation of free_irq() would trigger the above warning call trace. To fix this issue, set the lineevent_state::irq after the IRQ register successfully.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/657803b918e097e47d99d1489da83a603c36bcdd patch
https://git.kernel.org/stable/c/97da736cd11ae73bdf2f5e21e24446b8349e0168 patch
https://git.kernel.org/stable/c/b1489043d3b9004dd8d5a0357b08b5f0e6691c43 patch
https://git.kernel.org/stable/c/69bef19d6b9700e96285f4b4e28691cda3dcd0d1 patch

Frequently Asked Questions

What is the severity of CVE-2022-48660?
CVE-2022-48660 has been scored as a medium severity vulnerability.
How to fix CVE-2022-48660?
To fix CVE-2022-48660, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48660 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-48660 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48660?
CVE-2022-48660 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.