CVE-2022-49430: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

Input: gpio-keys - cancel delayed work only in case of GPIO

gpio_keys module can either accept gpios or interrupts. The module initializes delayed work in case of gpios only and is only used if debounce timer is not used, so make sure cancel_delayed_work_sync() is called only when it's gpio-backed and debounce_use_hrtimer is false.

This fixes the issue seen below when the gpio_keys module is unloaded and an interrupt pin is used instead of GPIO:

[ 360.297569] ------------[ cut here ]------------
[ 360.302303] WARNING: CPU: 0 PID: 237 at kernel/workqueue.c:3066 __flush_work+0x414/0x470
[ 360.310531] Modules linked in: gpio_keys(-)
[ 360.314797] CPU: 0 PID: 237 Comm: rmmod Not tainted 5.18.0-rc5-arm64-renesas-00116-g73636105874d-dirty #166
[ 360.324662] Hardware name: Renesas SMARC EVK based on r9a07g054l2 (DT)
[ 360.331270] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 360.338318] pc : __flush_work+0x414/0x470
[ 360.342385] lr : __cancel_work_timer+0x140/0x1b0
[ 360.347065] sp : ffff80000a7fba00
[ 360.350423] x29: ffff80000a7fba00 x28: ffff000012b9c5c0 x27: 0000000000000000
[ 360.357664] x26: ffff80000a7fbb80 x25: ffff80000954d0a8 x24: 0000000000000001
[ 360.364904] x23: ffff800009757000 x22: 0000000000000000 x21: ffff80000919b000
[ 360.372143] x20: ffff00000f5974e0 x19: ffff00000f5974e0 x18: ffff8000097fcf48
[ 360.379382] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000053f40
[ 360.386622] x14: ffff800009850e88 x13: 0000000000000002 x12: 000000000000a60c
[ 360.393861] x11: 000000000000a610 x10: 0000000000000000 x9 : 0000000000000008
[ 360.401100] x8 : 0101010101010101 x7 : 00000000a473c394 x6 : 0080808080808080
[ 360.408339] x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff80000919b458
[ 360.415578] x2 : ffff8000097577f0 x1 : 0000000000000001 x0 : 0000000000000000
[ 360.422818] Call trace:
[ 360.425299] __flush_work+0x414/0x470
[ 360.429012] __cancel_work_timer+0x140/0x1b0
[ 360.433340] cancel_delayed_work_sync+0x10/0x18
[ 360.437931] gpio_keys_quiesce_key+0x28/0x58 [gpio_keys]
[ 360.443327] devm_action_release+0x10/0x18
[ 360.447481] release_nodes+0x8c/0x1a0
[ 360.451194] devres_release_all+0x90/0x100
[ 360.455346] device_unbind_cleanup+0x14/0x60
[ 360.459677] device_release_driver_internal+0xe8/0x168
[ 360.464883] driver_detach+0x4c/0x90
[ 360.468509] bus_remove_driver+0x54/0xb0
[ 360.472485] driver_unregister+0x2c/0x58
[ 360.476462] platform_driver_unregister+0x10/0x18
[ 360.481230] gpio_keys_exit+0x14/0x828 [gpio_keys]
[ 360.486088] __arm64_sys_delete_module+0x1e0/0x270
[ 360.490945] invoke_syscall+0x40/0xf8
[ 360.494661] el0_svc_common.constprop.3+0xf0/0x110
[ 360.499515] do_el0_svc+0x20/0x78
[ 360.502877] el0_svc+0x48/0xf8
[ 360.505977] el0t_64_sync_handler+0x88/0xb0
[ 360.510216] el0t_64_sync+0x148/0x14c
[ 360.513930] irq event stamp: 4306
[ 360.517288] hardirqs last enabled at (4305): [<ffff8000080b0300>] __cancel_work_timer+0x130/0x1b0
[ 360.526359] hardirqs last disabled at (4306): [<ffff800008d194fc>] el1_dbg+0x24/0x88
[ 360.534204] softirqs last enabled at (4278): [<ffff8000080104a0>] _stext+0x4a0/0x5e0
[ 360.542133] softirqs last disabled at (4267): [<ffff8000080932ac>] irq_exit_rcu+0x18c/0x1b0
[ 360.550591] ---[ end trace 0000000000000000 ]---
AI Analysis
Technical Summary
CVE-2022-49430 is a vulnerability in the Linux kernel's gpio_keys module, which handles input from GPIO (General Purpose Input/Output) keys and interrupts. The gpio_keys module supports both GPIOs and interrupts, but it initializes delayed work only when GPIOs are used and only if the debounce timer is not enabled. The vulnerability arises because the module calls cancel_delayed_work_sync() unconditionally when it is unloaded, regardless of whether the input source is GPIO-backed or interrupt-based. This improper handling can lead to a kernel warning and potentially a kernel crash when the gpio_keys module is unloaded and an interrupt pin is used instead of a GPIO pin. The provided kernel log trace shows a warning triggered in the __flush_work function within the kernel workqueue subsystem, indicating a race or improper synchronization issue during work cancellation. This bug is fixed by ensuring that cancel_delayed_work_sync() is called only when the gpio_keys module is backed by GPIO and the debounce high-resolution timer is disabled. The vulnerability affects Linux kernel versions prior to the fix and is relevant to systems using gpio_keys for input devices, particularly embedded or ARM-based platforms like the Renesas SMARC EVK referenced in the log. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2022-49430 depends largely on the deployment of Linux systems using the gpio_keys module, especially in embedded or industrial environments. Systems that rely on GPIO input devices, such as industrial control systems, IoT devices, or specialized hardware running Linux kernels vulnerable to this issue, may experience kernel crashes or instability when the gpio_keys module is unloaded or reloaded. This could lead to denial of service conditions, affecting availability of critical systems. While the vulnerability does not directly expose confidentiality or integrity risks, the resulting system instability could disrupt operations, cause downtime, or require costly maintenance. European industries with significant embedded Linux usage, such as manufacturing, automotive, telecommunications, and critical infrastructure, could be affected if they use vulnerable kernel versions. However, general-purpose Linux servers and desktops are less likely to be impacted since gpio_keys is primarily relevant to hardware input handling in embedded contexts.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:

1) Identify Linux systems using the gpio_keys module, particularly embedded devices and ARM-based platforms.
2) Update the Linux kernel to a version that includes the fix for CVE-2022-49430, ensuring that cancel_delayed_work_sync() is conditionally called only for GPIO-backed inputs without debounce timers.
3) For systems where kernel updates are not immediately feasible, avoid unloading the gpio_keys module dynamically or disable its use if possible.
4) Implement monitoring for kernel warnings or crashes related to workqueue flushing or gpio_keys to detect potential exploitation or instability.
5) Coordinate with hardware vendors and embedded system providers to obtain patched firmware or kernel versions.
6) Test kernel updates in staging environments to ensure compatibility with existing hardware and software stacks before production deployment.

These steps go beyond generic advice by focusing on the specific module and usage scenarios relevant to this vulnerability.
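One way to implement the monitoring in step 4, as an added example that is not part of the original advisory or the kernel project: a Python scan of kernel log text for a `__flush_work` WARNING whose call trace passes through `cancel_delayed_work_sync` and `gpio_keys_quiesce_key`, the chain shown in the trace above. The function names and the sample log are assumptions of this example.

```python
import re

# Constructed sample: first line is filler; the rest come from the advisory's trace.
SAMPLE_LOG = """\
[ 120.000001] usb 1-1: new high-speed USB device number 2 using xhci-hcd
[ 360.297569] ------------[ cut here ]------------
[ 360.302303] WARNING: CPU: 0 PID: 237 at kernel/workqueue.c:3066 __flush_work+0x414/0x470
[ 360.310531] Modules linked in: gpio_keys(-)
[ 360.422818] Call trace:
[ 360.425299] __flush_work+0x414/0x470
[ 360.429012] __cancel_work_timer+0x140/0x1b0
[ 360.433340] cancel_delayed_work_sync+0x10/0x18
[ 360.437931] gpio_keys_quiesce_key+0x28/0x58 [gpio_keys]
[ 360.550591] ---[ end trace 0000000000000000 ]---
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg timestamp prefix
WARN = re.compile(r"WARNING: CPU: \d+ PID: (\d+) at (\S+) (\w+)\+0x")
FRAME = re.compile(r"^([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def warning_blocks(text):
    """Yield (WARNING header match, call-trace symbols) per 'cut here' block."""
    header, frames, in_trace = None, [], False
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if "[ cut here ]" in line:
            header, frames, in_trace = None, [], False
        elif m := WARN.search(line):
            header = m
        elif line == "Call trace:":
            in_trace = True  # register-dump lines before this are ignored
        elif "[ end trace" in line:
            if header:
                yield header, frames
            header, in_trace = None, False
        elif in_trace and (m := FRAME.match(line)):
            frames.append(m.group(1))

def find_gpio_keys_teardown_warnings(text):
    """Return hits where __flush_work warned under gpio_keys_quiesce_key."""
    chain = ["__flush_work", "cancel_delayed_work_sync", "gpio_keys_quiesce_key"]
    hits = []
    for hdr, frames in warning_blocks(text):
        pos = [frames.index(s) if s in frames else -1 for s in chain]
        if hdr.group(3) == "__flush_work" and -1 not in pos and pos == sorted(pos):
            hits.append({"pid": int(hdr.group(1)), "at": hdr.group(2)})
    return hits

if __name__ == "__main__":
    print(find_gpio_keys_teardown_warnings(SAMPLE_LOG))
```

Matching on the symbol chain rather than the `workqueue.c` line number keeps the check valid across kernel builds, where the line and offsets differ.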
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.569Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe59d1
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 7:10:31 AM
Last updated: 7/29/2025, 12:33:25 PM