CVE-2025-38335
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-12-16
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.16 (inc) to 6.1.148 (inc) |
| debian | debian_linux | 11.0 |
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's gpio-keys input driver when PREEMPT_RT is enabled. The gpio_keys_irq_timer() hrtimer callback runs in hard interrupt context, but it calls input_event(), which takes a spin_lock. Under PREEMPT_RT a spin_lock is converted to a real-time spin lock (rt_spin_lock), which may sleep, so taking it from hard interrupt context makes the kernel attempt to sleep in atomic context and triggers a BUG. The fix relaxes the high-resolution timer (hrtimer) so its callback no longer runs in hard interrupt context, which removes the invalid sleep.
How can this vulnerability impact me?
This vulnerability can cause kernel crashes or instability due to the kernel attempting to sleep while holding a spin lock in hard interrupt context. This can lead to system bugs, degraded reliability, or potential denial of service if the kernel becomes unresponsive or crashes.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the system logs for kernel error messages indicating that a sleeping function was called from an invalid context. Look for messages similar to `[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48`, followed by stack traces involving input_event and gpio_keys_irq_timer. You can use `dmesg | grep -i "sleeping function called from invalid context"` or `journalctl -k | grep -i "sleeping function called from invalid context"` to find such occurrences.
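The grep above matches every "sleeping function called from invalid context" splat, not only this one. The following POSIX shell function, added here as an example and not part of the BaseFortify page or the kernel fix, narrows the match to splats whose backtrace passes through both input_event and gpio_keys_irq_timer. The kernel log excerpt it runs over is constructed for the example, and the window size is an assumed default.

```shell
#!/bin/sh
# Constructed kernel log excerpt (not a real capture): one splat whose backtrace
# goes through input_event() and gpio_keys_irq_timer(), one splat from an
# unrelated (made-up) driver, and some ordinary noise in between.
SAMPLE_LOG=$(cat <<'EOF'
[ 4053.120000] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[ 4054.290010] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0
[ 4054.290020] Call trace:
[ 4054.290030]  rt_spin_lock+0x40/0x80
[ 4054.290040]  input_event+0x30/0x60
[ 4054.290050]  gpio_keys_irq_timer+0x20/0x40
[ 4054.290060]  __hrtimer_run_queues+0x100/0x200
[ 4055.000000] systemd[1]: Started Session 2 of user admin.
[ 4060.000000] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[ 4060.000010] Call trace:
[ 4060.000020]  rt_spin_lock+0x40/0x80
[ 4060.000030]  example_other_driver_irq+0x10/0x20
EOF
)

# count_gpio_keys_rt_splats [LOGFILE] [WINDOW]
# Counts "sleeping function called from invalid context" splats whose next
# WINDOW lines (default 12, an assumed value) mention both input_event and
# gpio_keys_irq_timer. Reads LOGFILE, or stdin when no file is given, and
# prints the count so it can be piped from dmesg or journalctl -k.
count_gpio_keys_rt_splats() {
    awk -v window="${2:-12}" '
        /sleeping function called from invalid context/ { inwin = window; ie = 0; gk = 0; next }
        inwin > 0 {
            inwin--
            if ($0 ~ /input_event/)         ie = 1
            if ($0 ~ /gpio_keys_irq_timer/) gk = 1
            if (ie && gk) { hits++; inwin = 0 }   # count each splat at most once
        }
        END { print hits + 0 }
    ' "${1:--}"
}

# Run over the constructed sample; on a live system use:
#   dmesg | count_gpio_keys_rt_splats     or     journalctl -k | count_gpio_keys_rt_splats
HITS=$(printf '%s\n' "$SAMPLE_LOG" | count_gpio_keys_rt_splats)
echo "gpio-keys PREEMPT_RT splats found: $HITS"
```

Only the first splat is counted; the unrelated one is ignored because its backtrace never reaches gpio_keys_irq_timer.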
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the gpio-keys fix for PREEMPT_RT is applied. This fix relaxes the hrtimer so it does not run in hard IRQ context, preventing the invalid sleep in atomic context. Until the update is applied, avoid enabling PREEMPT_RT with gpio-keys or monitor for the issue and consider disabling affected features if possible.