Linux Kernel Vulnerability Affecting GPIO Keys Timer Functionality
CVE-2025-38335

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 10 July 2025

What is CVE-2025-38335?

With PREEMPT_RT enabled, a vulnerability in the Linux kernel can cause a sleeping function to be called from an invalid context. The gpio_keys_irq_timer() callback executes in hard IRQ context, but input_event() takes a spin lock, and under PREEMPT_RT spin locks are sleeping locks that must not be acquired in hard IRQ context. Because the timer is configured to run its callback in that context, this can lead to system instability or crashes. The proposed fix relaxes the hrtimer so that its callback no longer runs in hard IRQ context, which removes the invalid-context call.
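One way to audit driver source for the pattern described above, as an added example (not code from the kernel or from this advisory): it flags hrtimer callbacks that are set up with a `HRTIMER_MODE_*_HARD` mode, which forces hard IRQ expiry even on PREEMPT_RT, and that call into the input core. The driver snippet in `SAMPLE` and all `demo_*` names are constructed for illustration.

```python
import re

# Input-core helpers that end up in input_event(), whose spin lock
# becomes a sleeping lock on PREEMPT_RT.
INPUT_CALLS = re.compile(r"\b(input_event|input_report_key|input_sync)\s*\(")
# hrtimer_setup(&timer, callback, clock, mode)
SETUP = re.compile(r"hrtimer_setup\(\s*&?([\w.>-]+)\s*,\s*(\w+)\s*,[^,]+,\s*(\w+)\s*\)")
# hrtimer_init(&timer, clock, mode), paired with "timer.function = callback;"
INIT = re.compile(r"hrtimer_init\(\s*&?([\w.>-]+)\s*,[^,]+,\s*(\w+)\s*\)")

# Constructed driver fragment (hypothetical names), modeled on the description above.
SAMPLE = r"""
static enum hrtimer_restart demo_keys_irq_timer(struct hrtimer *t)
{
	struct demo_button *b = container_of(t, struct demo_button, release_timer);
	input_report_key(b->input, b->code, 0);
	input_sync(b->input);
	return HRTIMER_NORESTART;
}
static void demo_setup(struct demo_button *b)
{
	hrtimer_init(&b->release_timer, CLOCK_REALTIME, HRTIMER_MODE_REL_HARD);
	b->release_timer.function = demo_keys_irq_timer;
}
"""

def function_body(source, name):
    """Return the body of C function `name` by brace matching, or ""."""
    m = re.search(r"\b%s\s*\([^;{]*\)\s*\{" % re.escape(name), source)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(source)):
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        if depth == 0:
            return source[start:i]
    return ""

def hard_irq_input_callbacks(source):
    """Names of hrtimer callbacks forced into hard IRQ context that call the input core."""
    timers = [(cb, mode) for _, cb, mode in SETUP.findall(source)]
    for timer, mode in INIT.findall(source):
        m = re.search(re.escape(timer) + r"\.function\s*=\s*(\w+)\s*;", source)
        if m:
            timers.append((m.group(1), mode))
    return sorted({cb for cb, mode in timers if mode.endswith("_HARD")
                   and INPUT_CALLS.search(function_body(source, cb))})

print(hard_irq_input_callbacks(SAMPLE))
```

The scan is a text heuristic: it does not follow callbacks that reach the input core through helper functions, so a clean result narrows review rather than replacing it.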

Affected Version(s)

Linux 019002f20cb5b9f78d39360aff244265d035e08a

Linux 5.13

Timeline

  • Vulnerability published

  • Vulnerability Reserved
