GPIO Interrupt Logic Vulnerability in Linux Kernel for Qualcomm MSM
CVE-2025-38516
What is CVE-2025-38516?
A vulnerability exists in the Linux kernel's GPIO interrupt logic for Qualcomm MSM platforms. The UFS-reset pin is incorrectly marked as capable of generating interrupts, even though the TLMM has no interrupt logic for it. Because of this misconfiguration, user-space applications can crash the pinctrl-msm driver by sending invalid requests to the GPIO. The issue arises when intr_detection_width is set to a value other than 1 or 2. The fix updates the driver so that such pins are marked as invalid for interrupt requests, which prevents them from being registered as available IRQs. This change improves stability and security for systems running the impacted kernel versions.
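The check described above, as an added user-space model in C (not the kernel's pinctrl-msm code): a valid mask is built from each pin's intr_detection_width, and IRQ requests for pins outside the mask are refused. The struct, function names and the sample pin table are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical per-pin descriptor; only the field the advisory names is modelled. */
struct pin_desc {
    const char *name;
    unsigned int intr_detection_width; /* 1 or 2 when interrupt logic exists */
};

/* Constructed sample table: the last entry models a pin with no interrupt logic. */
static const struct pin_desc sample_pins[] = {
    { "gpio0",     2 },
    { "gpio1",     1 },
    { "ufs_reset", 0 }, /* assumed width value, outside the 1-or-2 range */
};
#define SAMPLE_NPINS (sizeof(sample_pins) / sizeof(sample_pins[0]))

/* A pin may be offered as an IRQ only if its detection width is 1 or 2. */
static bool pin_has_irq_logic(const struct pin_desc *p)
{
    return p->intr_detection_width == 1 || p->intr_detection_width == 2;
}

/* Build the IRQ valid mask: bit i set means pin i may be requested as an IRQ. */
static unsigned long build_irq_valid_mask(const struct pin_desc *pins, size_t n)
{
    unsigned long mask = 0;
    for (size_t i = 0; i < n && i < sizeof(mask) * 8; i++)
        if (pin_has_irq_logic(&pins[i]))
            mask |= 1UL << i;
    return mask;
}

/* Request path: refuse pins outside the mask before touching any hardware state. */
static int request_irq_for_pin(unsigned long mask, size_t pin)
{
    if (pin >= sizeof(mask) * 8 || !(mask & (1UL << pin)))
        return -1; /* pin was never registered as an available IRQ */
    return 0;
}

int main(void)
{
    unsigned long mask = build_irq_valid_mask(sample_pins, SAMPLE_NPINS);
    for (size_t i = 0; i < SAMPLE_NPINS; i++)
        printf("%-10s irq %s\n", sample_pins[i].name,
               request_irq_for_pin(mask, i) == 0 ? "allowed" : "rejected");
    return 0;
}
```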
Affected Version(s)
Linux f365be0925729508fd8e62f8bdb504ef896cb6e0 < 6a89563ccf9cd0d745e2291302878a061508573f
Linux f365be0925729508fd8e62f8bdb504ef896cb6e0 < 3f8fc02c2582c1dfad1785e9c7bc8b4e1521af0a
Linux f365be0925729508fd8e62f8bdb504ef896cb6e0