{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T15:36:55.532","vulnerabilities":[{"cve":{"id":"CVE-2025-21943","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-04-01T16:15:25.400","lastModified":"2025-11-03T20:17:31.103","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: aggregator: protect driver attr handlers against module unload\n\nBoth new_device_store and delete_device_store touch module global\nresources (e.g. gpio_aggregator_lock). To prevent race conditions with\nmodule unload, a reference needs to be held.\n\nAdd try_module_get() in these handlers.\n\nFor new_device_store, this eliminates what appears to be the most dangerous\nscenario: if an id is allocated from gpio_aggregator_idr but\nplatform_device_register has not yet been called or completed, a concurrent\nmodule unload could fail to unregister/delete the device, leaving behind a\ndangling platform device/GPIO forwarder. This can result in various issues.\nThe following simple reproducer demonstrates these problems:\n\n  #!/bin/bash\n  while :; do\n    # note: whether 'gpiochip0 0' exists or not does not matter.\n    echo 'gpiochip0 0' > /sys/bus/platform/drivers/gpio-aggregator/new_device\n  done &\n  while :; do\n    modprobe gpio-aggregator\n    modprobe -r gpio-aggregator\n  done &\n  wait\n\n  Starting with the following warning, several kinds of warnings will appear\n  and the system may become unstable:\n\n  ------------[ cut here ]------------\n  list_del corruption, ffff888103e2e980->next is LIST_POISON1 (dead000000000100)\n  WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120\n  [...]\n  RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120\n  [...]\n  Call Trace:\n   <TASK>\n   ? __list_del_entry_valid_or_report+0xa3/0x120\n   ? __warn.cold+0x93/0xf2\n   ? __list_del_entry_valid_or_report+0xa3/0x120\n   ? report_bug+0xe6/0x170\n   ? __irq_work_queue_local+0x39/0xe0\n   ? handle_bug+0x58/0x90\n   ? exc_invalid_op+0x13/0x60\n   ? asm_exc_invalid_op+0x16/0x20\n   ? __list_del_entry_valid_or_report+0xa3/0x120\n   gpiod_remove_lookup_table+0x22/0x60\n   new_device_store+0x315/0x350 [gpio_aggregator]\n   kernfs_fop_write_iter+0x137/0x1f0\n   vfs_write+0x262/0x430\n   ksys_write+0x60/0xd0\n   do_syscall_64+0x6c/0x180\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n   [...]\n   </TASK>\n  ---[ end trace 0000000000000000 ]---"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gpio: gregator: protege los controladores attr del controlador contra la descarga del módulo Tanto new_device_store como delete_device_store tocan los recursos globales del módulo (por ejemplo, gpio_aggregator_lock). Para evitar condiciones de ejecución con la descarga del módulo, se debe mantener una referencia. Agregue try_module_get() en estos controladores. Para new_device_store, esto elimina lo que parece ser el escenario más peligroso: si se asigna un id desde gpio_aggregator_idr pero platform_device_register aún no se ha llamado o completado, una descarga de módulo concurrente podría fallar al anular el registro/eliminar el dispositivo, dejando atrás un reenvío de dispositivo de plataforma/GPIO colgante. Esto puede resultar en varios problemas. El siguiente reproductor simple demuestra estos problemas: #!/bin/bash while :; do # nota: no importa si 'gpiochip0 0' existe o no. echo 'gpiochip0 0' &gt; /sys/bus/platform/drivers/gpio-aggregator/new_device done &amp; while :; do modprobe gpio-aggregator modprobe -r gpio-aggregator done &amp; wait A partir de la siguiente advertencia, aparecerán varios tipos de advertencias y el sistema puede volverse inestable: ------------[ cortar aquí ]------------ list_del corruption, ffff888103e2e980-&gt;next is LIST_POISON1 (dead000000000100) WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120 [...] RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120 [...] Call Trace:  ? __list_del_entry_valid_or_report+0xa3/0x120 ? __warn.cold+0x93/0xf2 ? __list_del_entry_valid_or_report+0xa3/0x120 ? report_bug+0xe6/0x170 ? __irq_work_queue_local+0x39/0xe0 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x60 ? asm_exc_invalid_op+0x16/0x20 ? __list_del_entry_valid_or_report+0xa3/0x120 gpiod_remove_lookup_table+0x22/0x60 new_device_store+0x315/0x350 [gpio_aggregator] kernfs_fop_write_iter+0x137/0x1f0 vfs_write+0x262/0x430 ksys_write+0x60/0xd0 do_syscall_64+0x6c/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e [...]  ---[ fin de seguimiento 000000000000000 ]---"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.10.235","matchCriteriaId":"17FFC38A-2679-443B-8BDB-D553D86D60EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.179","matchCriteriaId":"C708062C-4E1B-465F-AE6D-C09C46400875"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.131","matchCriteriaId":"BA9C2DE3-D37C-46C6-8DCD-2EE509456E0B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.83","matchCriteriaId":"7D9F642F-6E05-4926-B0FE-62F95B7266BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.19","matchCriteriaId":"32865E5C-8AE1-4D3D-A64D-299039694A88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.7","matchCriteriaId":"842F5A44-3E71-4546-B4FD-43B0ACE3F32B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*","matchCriteriaId":"186716B6-2B66-4BD0-852E-D48E71C0C85F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*","matchCriteriaId":"0D3E781C-403A-498F-9DA9-ECEE50F41E75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*","matchCriteriaId":"66619FB8-0AAF-4166-B2CF-67B24143261D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*","matchCriteriaId":"D3D6550E-6679-4560-902D-AF52DCFE905B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*","matchCriteriaId":"45B90F6B-BEC7-4D4E-883A-9DBADE021750"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/12f65d1203507f7db3ba59930fe29a3b8eee9945","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/56281a76b805b5ac61feb5d580139695a22f87f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/807789018186cf508ceb3a1f8f02935cd195717b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8fb07fb1bba91d45846ed8605c3097fe67a7d54c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9334c88fc2fbc6836b307d269fcc1744c69701c0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d99dc8f7ea01ee1b21306e0eda8eb18a4af80db6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fd6aa1f8cbe0979eb66ac32ebc231bf0b10a2117","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}