CVE-2025-38516
📋 TL;DR
A vulnerability in the Linux kernel's Qualcomm pinctrl-msm driver allows user-space applications to trigger a kernel BUG() and potentially crash the system by requesting interrupts on pins that lack interrupt logic. This affects Linux systems using Qualcomm MSM chipsets with specific GPIO configurations. The vulnerability requires local user access to exploit.
💻 Affected Systems
- Linux kernel with Qualcomm pinctrl-msm driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
Local denial of service through kernel crash when malicious or buggy user-space applications request invalid interrupts.
If Mitigated
Minimal impact with proper access controls preventing unauthorized users from executing GPIO monitoring tools.
🎯 Exploit Status
Exploitation requires local user access and knowledge of vulnerable GPIO pin numbers. The gpiomon command example demonstrates the trigger.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 1d57f7132662e96aace3b8a000616efde289aae1, 275605a8b48002fe98675a5c06f3e39c09067ff2, 3f8fc02c2582c1dfad1785e9c7bc8b4e1521af0a, 6a89563ccf9cd0d745e2291302878a061508573f, 93712205ce2f1fb047739494c0399a26ea4f0890
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to install latest kernel updates. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Restrict GPIO access
LinuxLimit user access to GPIO monitoring tools and devices to prevent exploitation.
chmod 600 /dev/gpio*
setfacl -m u:root:rw- /dev/gpio*
🧯 If You Can't Patch
- Implement strict access controls to prevent non-privileged users from executing GPIO-related commands.
- Monitor system logs for gpiomon or similar GPIO monitoring tool usage and investigate unauthorized activity.
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if Qualcomm pinctrl-msm driver is loaded: lsmod | grep pinctrl_msm and uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to include fix commits and test with gpiomon on known vulnerable pin (requires caution).📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning msm_gpio_irq_set_type
- System crash/reboot events
- gpiomon command execution in audit logs
Network Indicators:
- None - local exploitation only
SIEM Query:
EventID=6008 OR Source="Kernel" AND EventText="BUG" OR ProcessName="gpiomon"🔗 References
- https://git.kernel.org/stable/c/1d57f7132662e96aace3b8a000616efde289aae1
- https://git.kernel.org/stable/c/275605a8b48002fe98675a5c06f3e39c09067ff2
- https://git.kernel.org/stable/c/3f8fc02c2582c1dfad1785e9c7bc8b4e1521af0a
- https://git.kernel.org/stable/c/6a89563ccf9cd0d745e2291302878a061508573f
- https://git.kernel.org/stable/c/93712205ce2f1fb047739494c0399a26ea4f0890
- https://git.kernel.org/stable/c/97c9c7daeeb00c6e1d5e84084041f79c2d2dce22
- https://git.kernel.org/stable/c/cb4b08a095b1fa4b3fca782757517e4e9a917d8e
- https://git.kernel.org/stable/c/cc145e02d6b8494c48f91958d52fa76b7e577f7b
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
