CVE-2026-43181
GPIO Chip Removal with Exported Sysfs GPIOs in Linux Kernel
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's GPIO sysfs interface. When a GPIO is exported over sysfs and the parent GPIO controller is unbound or removed, the exported GPIO attribute remains in the /sys/class/gpio directory. This happens because after the parent device is removed, the system can no longer associate the GPIO descriptor with the parent device in the unexport function (gpiod_unexport), causing the final reference to never be dropped.
The fix involves reworking the teardown code to provide an unlocked variant of gpiod_unexport() and removing all exported GPIOs while holding the sysfs_lock before unregistering the parent device. This prevents new exports from occurring before the device is fully unregistered.
How can this vulnerability impact me? :
This vulnerability in the Linux kernel involves the improper removal of GPIOs exported over sysfs. If a GPIO is exported and the parent GPIO controller is unbound, the exported attribute remains under /sys/class/gpio because the system cannot properly associate and unexport the GPIO. This can lead to stale or orphaned GPIO entries in sysfs, potentially causing resource management issues or unexpected behavior in systems relying on GPIO state.