Linux Kernel, Race Condition, CVE-2025-21912 (Medium)

How the CVE Works:

The vulnerability exists in the gpio-rcar GPIO driver of the Linux kernel, where improper spinlock usage leads to potential race conditions during interrupt configuration. The driver uses a regular spinlock (spinlock_t) to protect register access while configuring the GPIO interrupt mode, which triggers warnings when spinlock debugging is enabled. The lock is acquired in atomic context (the interrupt handler path), where sleeping operations are prohibited, and on PREEMPT_RT kernels a spinlock_t is a sleeping lock. The issue manifests when multiple threads attempt to configure GPIO interrupts simultaneously, potentially leading to corrupted register states or system instability. The fix replaces `spinlock_t` with `raw_spinlock_t`, which always spins and is therefore safe to take in atomic context.

DailyCVE Form:

Platform: Linux Kernel
Version: Up to 6.13.0-rc7
Vulnerability: Race Condition
Severity: Medium
Date: 04/15/2025

What Undercode Say:

// Vulnerable code snippet (simplified signature; p is the driver's private data):
static int gpio_rcar_config_interrupt_input_mode(struct gpio_chip *chip,
                                                 unsigned int hwirq, bool enable)
{
    struct gpio_rcar_priv *p = gpiochip_get_data(chip);
    unsigned long flags;

    spin_lock_irqsave(&p->lock, flags);   // Wrong lock type: p->lock is a spinlock_t,
                                          // which is a sleeping lock on PREEMPT_RT
    // Register access here
    spin_unlock_irqrestore(&p->lock, flags);
    return 0;
}

// Fixed version (p->lock is now declared raw_spinlock_t and set up with raw_spin_lock_init()):
static int gpio_rcar_config_interrupt_input_mode(struct gpio_chip *chip,
                                                 unsigned int hwirq, bool enable)
{
    struct gpio_rcar_priv *p = gpiochip_get_data(chip);
    unsigned long flags;

    raw_spin_lock_irqsave(&p->lock, flags);   // Correct atomic lock: always spins
    // Register access here
    raw_spin_unlock_irqrestore(&p->lock, flags);
    return 0;
}

Exploit PoC Concept:

#!/bin/bash
while true; do
    echo 1 > /sys/class/gpio/gpioX/edge &   # Trigger in parallel
    echo 0 > /sys/class/gpio/gpioX/edge &
done

Mitigation Commands:

# Check kernel version
uname -r
# Verify if patch is applied (requires the kernel source tree to be installed)
grep -n "raw_spinlock_t" /lib/modules/$(uname -r)/source/drivers/gpio/gpio-rcar.c
# Temporary workaround (if patching not possible): disable interrupt handling on the line
# (the edge attribute accepts none, rising, falling or both)
echo none > /sys/class/gpio/gpioX/edge

Debugging:

# Check for lockdep warnings
dmesg | grep "BUG: Invalid wait context"
# Monitor GPIO interrupts
cat /proc/interrupts | grep gpio
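The lockdep report grepped for above is what the raw_spinlock fix silences. The following triage helper is an added example, not code from the page, the kernel or the gpio-rcar driver: it scans a dmesg-style log for the report, pulls out the lock, its lockdep wait type and the function that took it, and maps the wait-type number to a lock family using lockdep's enum lockdep_wait_type. It assumes a POSIX shell with awk and mktemp, and the sample log it scans is constructed, not captured.

```shell
#!/bin/sh
# Added triage helper (not code from the page, the kernel or gpio-rcar): scans a
# dmesg-style log for lockdep's "BUG: Invalid wait context" report and extracts
# the lock, its wait type and the function that took it, so the finding can be
# matched against this CVE's fix (spinlock_t -> raw_spinlock_t in gpio-rcar).
# Map lockdep's inner wait-type number to the lock family it denotes
# (enum lockdep_wait_type: LD_WAIT_SPIN=2, LD_WAIT_CONFIG=3, LD_WAIT_SLEEP=4).
wait_type_name() {
    case "$1" in
        2) echo "raw_spinlock_t (always spins)" ;;
        3) echo "spinlock_t (sleeps on PREEMPT_RT)" ;;
        4) echo "sleeping lock (mutex etc.)" ;;
        *) echo "unknown" ;;
    esac
}

# Print "<lock> <wait-type> <function>" for the first report in the log at $1.
# Exit status 0 when a report was found, 1 otherwise.
find_invalid_wait_context() {
    awk '
        /BUG: Invalid wait context/ { in_splat = 1; next }
        in_splat && /is trying to lock:/ { want_lock = 1; next }
        # Lock line layout: ADDR (NAME){usage}-{outer:inner}, at: FUNC+0xOFF/0xLEN
        want_lock && /\(.*\)[{].*[}]-[{][0-9]+:[0-9]+[}], at: / {
            lock = $0; sub(/^[^(]*\(/, "", lock); sub(/\).*/, "", lock)
            wt = $0; sub(/.*-[{][0-9]+:/, "", wt); sub(/[}].*/, "", wt)
            fn = $0; sub(/.*at: /, "", fn); sub(/\+.*/, "", fn)
            print lock, wt, fn; found = 1; exit
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed sample of the report (not a captured log), in dmesg layout.
write_sample_log() {
    cat > "$1" <<'EOF'
[    2.104421] [ BUG: Invalid wait context ]
[    2.104425] 6.13.0-rc7 #1 Not tainted
[    2.104428] swapper/0/1 is trying to lock:
[    2.104431] ffff0000090a4b58 (&p->lock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0xf0
[    2.104434] other info that might help us debug this:
EOF
}

# Stand-alone run: write the sample, scan it and explain what was found.
log=$(mktemp) && write_sample_log "$log"
if result=$(find_invalid_wait_context "$log"); then
    set -- $result && echo "$3 takes $1 as $(wait_type_name "$2") in atomic context"
fi
rm -f "$log"
```

On a real system, save `dmesg` to a file and pass that path to find_invalid_wait_context; a wait type of 3 taken from gpio_rcar_config_interrupt_input_mode is the signature of an unpatched driver.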

Kernel Config Protection:

CONFIG_DEBUG_SPINLOCK=y        # Helps detect similar issues
CONFIG_DEBUG_ATOMIC_SLEEP=y    # Catches atomic context violations

Patch Verification:

# For kernel developers: confirm the raw spinlock is used
git grep "raw_spin_lock_irqsave" drivers/gpio/gpio-rcar.c
# Check commit history
git log --grep="CVE-2025-21912" drivers/gpio/

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
