VYPR
← All advisories
Medium severity5.5NVD Advisory· Published May 6, 2026· Updated May 11, 2026

CVE-2026-43181

CVE-2026-43181

Description

In the Linux kernel, the following vulnerability has been resolved:

gpio: sysfs: fix chip removal with GPIOs exported over sysfs

Currently if we export a GPIO over sysfs and unbind the parent GPIO controller, the exported attribute will remain under /sys/class/gpio because once we remove the parent device, we can no longer associate the descriptor with it in gpiod_unexport() and never drop the final reference.

Rework the teardown code: provide an unlocked variant of gpiod_unexport() and remove all exported GPIOs with the sysfs_lock taken before unregistering the parent device itself. This is done to prevent any new exports happening before we unregister the device completely.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel GPIO sysfs export removal fails when parent controller is unbound, leaving stale entries and potential memory leak.

The vulnerability resides in the GPIO sysfs interface. When a GPIO is exported via sysfs and the parent GPIO controller is subsequently removed (e.g., by unbinding the driver), the exported attribute is not cleaned up. This occurs because the association between the GPIO descriptor and the device is lost during removal, preventing the final reference count from being dropped [1].

To exploit this, an attacker needs local access to export GPIOs via sysfs and trigger the removal of the GPIO controller. This could be achieved by an unprivileged user if they have permission to write to the sysfs export files and unbind the controller driver. The attack surface is limited to users with sufficient privileges on the sysfs filesystem.

The impact is a residual sysfs entry that cannot be removed, leading to a kernel memory leak of the GPIO descriptor and associated structures. While the CVSS score is Medium (5.5), repeated exploitation could cause resource exhaustion, affecting system availability.

The fix has been applied to the Linux kernel stable tree via commits [1], [2], and [3]. These commits rework the teardown code to provide an unlocked variant of gpiod_unexport() and remove all exported GPIOs with the sysfs_lock taken before unregistering the parent device. Users should update to the latest stable kernel to mitigate this issue.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1
  • Linux/Kernel
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=6.17,<6.18.16

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.