CVE-2023-54118
Unknown Unknown - Not Provided
Race Condition in Linux sc16is7xx GPIO Driver Causes Kernel Oops

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the GPIO lines before the sc16is7xx device has finished initialising. This issue manifests itself as an Oops when the GPIO lines are configured: Unable to handle kernel read from unreadable memory at virtual address ... pc : sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx] lr : sc16is7xx_gpio_direction_output+0x4c/0x108 [sc16is7xx] ... Call trace: sc16is7xx_gpio_direction_output+0x68/0x108 [sc16is7xx] gpiod_direction_output_raw_commit+0x64/0x318 gpiod_direction_output+0xb0/0x170 create_gpio_led+0xec/0x198 gpio_led_probe+0x16c/0x4f0 platform_drv_probe+0x5c/0xb0 really_probe+0xe8/0x448 driver_probe_device+0xe8/0x138 __device_attach_driver+0x94/0x118 bus_for_each_drv+0x8c/0xe0 __device_attach+0x100/0x1b8 device_initial_probe+0x28/0x38 bus_probe_device+0xa4/0xb0 deferred_probe_work_func+0x90/0xe0 process_one_work+0x1c4/0x480 worker_thread+0x54/0x430 kthread+0x138/0x150 ret_from_fork+0x10/0x1c This patch moves the setup of the GPIO controller functions to later in the probe function, ensuring the sc16is7xx device has already finished initialising by the time other devices try to make use of the GPIO lines. The error handling has also been reordered to reflect the new initialisation order.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-05-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-05
NVD
CVE-2023-54118
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sc16is7xx sc16is7xx *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's sc16is7xx driver where the GPIO controller is set up too early during device initialization. This premature setup can cause a race condition where another device attempts to use the GPIO lines before the sc16is7xx device has fully initialized. This leads to a kernel Oops error due to invalid memory access when configuring the GPIO lines. The fix involves delaying the GPIO controller setup until later in the probe function to ensure proper initialization order.


How can this vulnerability impact me? :

The vulnerability can cause system instability or crashes due to kernel Oops errors when the GPIO lines are accessed prematurely. This may lead to device malfunction or unexpected behavior in systems relying on the sc16is7xx driver, potentially affecting system reliability and availability.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by applying a patch that delays the setup of the GPIO controller in the sc16is7xx driver until later in the probe function, ensuring the device has finished initializing before other devices use the GPIO lines. Immediate mitigation would involve updating the Linux kernel to a version that includes this fix.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart