CVE-2025-38335

5.5 MEDIUM

📋 TL;DR

This CVE describes a race condition vulnerability in the Linux kernel's gpio-keys driver when PREEMPT_RT is enabled. The issue occurs when the gpio_keys_irq_timer() callback attempts to acquire a spinlock in hard interrupt context, which can cause system instability or crashes. This affects Linux systems using PREEMPT_RT with gpio-keys functionality.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE description; check git commits for exact ranges
Operating Systems: Linux distributions with PREEMPT_RT patches enabled
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when PREEMPT_RT (real-time) kernel configuration is enabled and gpio-keys driver is in use. Most standard Linux distributions do not enable PREEMPT_RT by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: System crash or kernel panic leading to denial of service, potentially causing data loss or service disruption.
🟠 Likely Case: System instability, occasional crashes, or performance degradation when gpio-keys are actively used with PREEMPT_RT enabled.
🟢 If Mitigated: Minor performance impact or no noticeable effect if gpio-keys functionality is not heavily utilized.

🌐 Internet-Facing: LOW - This is a kernel-level driver issue not directly exposed to network interfaces.
🏢 Internal Only: MEDIUM - Affects system stability for devices using gpio-keys with PREEMPT_RT, particularly embedded systems and IoT devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access and specific hardware/configuration conditions. This is primarily a stability issue rather than a security vulnerability for privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check kernel version containing commits: 664e5a6f541ff226621487d1280d2ec28e86be28, a7b79db25846459de63ca8974268f0c41c734c4b, a8f01e51109f77229e426b57c5d19251b462c6aa, ec8f5da79b425deef5aebacdd4fe645620cd4f0b, f4a8f561d08e39f7833d4a278ebfb12a41eef15f

Vendor Advisory: https://git.kernel.org/stable/c/664e5a6f541ff226621487d1280d2ec28e86be28

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits
2. Rebuild kernel if using custom kernel
3. Reboot system to load new kernel

🔧 Temporary Workarounds

Disable PREEMPT_RT

Switch to standard kernel configuration without real-time patches

# Reconfigure kernel without PREEMPT_RT option
# Rebuild and install kernel

Disable gpio-keys module

Remove or blacklist gpio-keys driver if not needed

# Blacklist module (only effective when gpio_keys is built as a loadable module, not built into the kernel)
echo 'blacklist gpio_keys' >> /etc/modprobe.d/blacklist.conf
# Rebuild initramfs if needed
# Reboot

🧯 If You Can't Patch

  • Monitor system logs for gpio-keys related crashes and restart affected services
  • Consider migrating to non-PREEMPT_RT kernel if stability is critical

🔍 How to Verify

Check if Vulnerable:

Check if PREEMPT_RT is enabled: cat /sys/kernel/realtime
Check if gpio-keys module is loaded: lsmod | grep gpio_keys

Check Version:

uname -r

Verify Fix Applied:

Check kernel version contains fix commits: uname -r
Verify no gpio-keys related crashes in system logs: dmesg | grep -i gpio_keys

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning gpio_keys_irq_timer
  • Sleeping function called from invalid context errors
  • rt_spin_lock related warnings in dmesg

Network Indicators:

  • None - this is a local kernel issue

SIEM Query:

source="kernel" AND ("gpio_keys" OR "sleeping function called from invalid context")
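
The "How to Verify" checks and the log indicators above can be combined into one triage script. This is an added example, not code from the kernel project or the advisory; the function names and the sample log lines are constructed for illustration, and the file paths are parameters so the checks can be run against saved copies.

```shell
#!/bin/sh
# Added example: exposure check and log triage for CVE-2025-38335.

# PREEMPT_RT kernels expose /sys/kernel/realtime containing "1";
# the file does not exist on non-RT kernels.
rt_enabled() {
    [ "$(cat "${1:-/sys/kernel/realtime}" 2>/dev/null)" = "1" ]
}

# lsmod formats /proc/modules; a built-in gpio_keys driver
# (CONFIG_KEYBOARD_GPIO=y) appears in neither, so check the
# kernel config as well on custom builds.
gpio_keys_loaded() {
    grep -q '^gpio_keys ' "${1:-/proc/modules}" 2>/dev/null
}

# "exposed" only when both preconditions named on the page hold.
exposure() {
    if rt_enabled "${1:-}" && gpio_keys_loaded "${2:-}"; then
        echo exposed
    else
        echo not-exposed
    fi
}

# Count log lines on stdin matching the page's three log indicators.
count_indicators() {
    grep -c -i -E 'gpio_keys_irq_timer|sleeping function called from invalid context|rt_spin_lock'
}

# Constructed sample kernel log (not captured from a real system).
sample_log() {
    cat <<'EOF'
[  101.000001] input: gpio-keys as /devices/platform/gpio-keys/input/input0
[  245.310112] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[  245.310140]  rt_spin_lock+0x3c/0x68
[  245.310151]  gpio_keys_irq_timer+0x24/0x7c
[  300.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
EOF
}

echo "this host: $(exposure)"
echo "indicator lines in sample log: $(sample_log | count_indicators)"
```

On a live system, pipe `dmesg` or `journalctl -k` into `count_indicators` in place of `sample_log`.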
