CVE-2022-49072

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 26/02/2025
Last modified: 23/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

gpio: Restrict usage of GPIO chip irq members before initialization

GPIO chip irq members are exposed before they could be completely initialized and this leads to race conditions.

One such issue was observed for the gc->irq.domain variable which was accessed through the I2C interface in gpiochip_to_irq() before it could be initialized by gpiochip_add_irqchip(). This resulted in Kernel NULL pointer dereference.

Following are the logs for reference :-

kernel: Call Trace:
kernel: gpiod_to_irq+0x53/0x70
kernel: acpi_dev_gpio_irq_get_by+0x113/0x1f0
kernel: i2c_acpi_get_irq+0xc0/0xd0
kernel: i2c_device_probe+0x28a/0x2a0
kernel: really_probe+0xf2/0x460
kernel: RIP: 0010:gpiochip_to_irq+0x47/0xc0

To avoid such scenarios, restrict usage of GPIO chip irq members before they are completely initialized.
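The ordering problem described above, as an added user-space C model (not the kernel patch and not code from this advisory). The struct names, the `irq_ready` gate flag and the `-EAGAIN` return are assumptions made for illustration; the test replays the "consumer probes before setup finishes" interleaving deterministically.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for the structures named in the description. */
struct irq_domain_model { int base; };
struct gpio_chip_model {
    struct irq_domain_model *domain; /* NULL until setup has run */
    atomic_bool irq_ready;           /* assumed gate flag, set last */
};

/* Racy shape: the lookup trusts 'domain' unconditionally. The model
 * reports the NULL through *would_oops instead of dereferencing it. */
int to_irq_unguarded(struct gpio_chip_model *gc, unsigned off, bool *would_oops)
{
    struct irq_domain_model *d = gc->domain;
    *would_oops = (d == NULL);
    return d ? d->base + (int)off : 0;
}

/* Guarded shape: refuse to touch irq members until setup published them. */
int to_irq_guarded(struct gpio_chip_model *gc, unsigned off)
{
    if (!atomic_load_explicit(&gc->irq_ready, memory_order_acquire))
        return -EAGAIN; /* model's "not ready, retry later" code */
    return gc->domain->base + (int)off;
}

/* Setup: fill every member first, publish the flag last with release
 * ordering so a reader that sees the flag also sees 'domain'. */
void add_irqchip_model(struct gpio_chip_model *gc, struct irq_domain_model *d)
{
    gc->domain = d;
    atomic_store_explicit(&gc->irq_ready, true, memory_order_release);
}

int main(void)
{
    struct gpio_chip_model gc = { .domain = NULL };
    struct irq_domain_model d = { .base = 100 }; /* constructed sample */
    bool oops;
    atomic_init(&gc.irq_ready, false);
    to_irq_unguarded(&gc, 3, &oops);
    printf("early unguarded lookup hits NULL: %d\n", oops);
    printf("early guarded lookup: %d\n", to_irq_guarded(&gc, 3));
    add_irqchip_model(&gc, &d);
    printf("guarded lookup after setup: %d\n", to_irq_guarded(&gc, 3));
    return 0;
}
```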

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 5.10.111 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.34 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.16.20 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.17 (including) | 5.17.3 (excluding)
cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:* | |