CVE-2024-47141

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> pinmux: Use sequential access to access desc-&gt;pinmux data<br /> <br /> When two client of the same gpio call pinctrl_select_state() for the<br /> same functionality, we are seeing NULL pointer issue while accessing<br /> desc-&gt;mux_owner.<br /> <br /> Let&amp;#39;s say two processes A, B executing in pin_request() for the same pin<br /> and process A updates the desc-&gt;mux_usecount but not yet updated the<br /> desc-&gt;mux_owner while process B see the desc-&gt;mux_usecount which got<br /> updated by A path and further executes strcmp and while accessing<br /> desc-&gt;mux_owner it crashes with NULL pointer.<br /> <br /> Serialize the access to mux related setting with a mutex lock.<br /> <br /> cpu0 (process A) cpu1(process B)<br /> <br /> pinctrl_select_state() { pinctrl_select_state() {<br /> pin_request() { pin_request() {<br /> ...<br /> ....<br /> } else {<br /> desc-&gt;mux_usecount++;<br /> desc-&gt;mux_usecount &amp;&amp; strcmp(desc-&gt;mux_owner, owner)) {<br /> <br /> if (desc-&gt;mux_usecount &gt; 1)<br /> return 0;<br /> desc-&gt;mux_owner = owner;<br /> <br /> } }