Description
In the Linux kernel, the following vulnerability has been resolved:

gpio: sysfs: fix chip removal with GPIOs exported over sysfs

Currently if we export a GPIO over sysfs and unbind the parent GPIO
controller, the exported attribute will remain under /sys/class/gpio
because once we remove the parent device, we can no longer associate the
descriptor with it in gpiod_unexport() and never drop the final
reference.

Rework the teardown code: provide an unlocked variant of
gpiod_unexport() and remove all exported GPIOs with the sysfs_lock taken
before unregistering the parent device itself. This is done to prevent
any new exports happening before we unregister the device completely.
Published: 2026-05-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel failed to clean up GPIOs exported over sysfs when the parent controller device was unbound. Instead of releasing the final reference, the exported attributes remained listed under /sys/class/gpio. This incomplete teardown can leave dangling resources and grow the sysfs namespace, potentially exhausting kernel resources or causing system instability. The weakness identified is a resource management flaw, specifically a failure to release a reference count (CWE‑673).

Affected Systems

Affected are all Linux kernel releases that support sysfs GPIO export but lack the fix introduced in the referenced commits. In practice these are generic Linux distributions running a kernel that includes the legacy GPIO sysfs interface and where users might export individual pins to user space. No vendor or product names beyond the Linux kernel were listed. Specific affected‑version information is not available.

Risk and Exploitability

Neither a CVSS score nor an EPSS value is available; the exploitation probability is assessed as low. A local attacker would need the capability to unbind or bind the GPIO controller device, which typically requires root privileges. The vulnerability does not allow arbitrary code execution or remote exploitation; its primary impact is denial of service through resource exhaustion or orphaned sysfs entries. Because the issue persists only after a device is removed and no public exploit is known, the overall risk is moderate, with a high consequence if triggered on a heavily loaded system.

Generated by OpenCVE AI on May 6, 2026 at 16:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the commit fixes for sysfs GPIO chip removal (e.g., the changes associated with commits 54f4634, 6766f590, or a later release that incorporates these patches).
  • Prior to unbinding or removing a GPIO controller device, ensure that any exported GPIOs are unexported and that no file descriptors remain open in user space.
  • After updating the kernel, reboot the system to clear any residual sysfs entries and ensure that the cleanup logic runs on the fresh kernel.
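
One way to carry out the second recommended action, as an added example that is not part of the OpenCVE record or the kernel patch: a POSIX shell script that lists the exported pins belonging to a chip, unexports them before an unbind, and flags exported pins that no registered chip covers. It assumes the legacy sysfs layout (`gpiochipN/base`, `gpiochipN/ngpio`, `gpioN`, `unexport`); `GPIO_SYSFS` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example for the legacy GPIO sysfs layout (gpiochipN/base,
# gpiochipN/ngpio, gpioN, unexport). GPIO_SYSFS and the function names
# are assumptions of this example; override GPIO_SYSFS to test on a copy.
GPIO_SYSFS="${GPIO_SYSFS:-/sys/class/gpio}"

# Print every exported global GPIO number, one per line.
exported_gpios() {
    for d in "$GPIO_SYSFS"/gpio[0-9]*; do
        [ -e "$d" ] || continue
        echo "${d##*/gpio}"
    done
}

# Succeed if GPIO $1 lies in the range of chip directory $2.
in_chip() {
    [ -r "$2/base" ] && [ -r "$2/ngpio" ] || return 1
    base=$(cat "$2/base"); ngpio=$(cat "$2/ngpio")
    [ "$1" -ge "$base" ] && [ "$1" -lt $((base + ngpio)) ]
}

# Print exported GPIOs owned by chip $1 (for example gpiochip512).
exported_on_chip() {
    for n in $(exported_gpios); do
        if in_chip "$n" "$GPIO_SYSFS/$1"; then echo "$n"; fi
    done
}

# Print exported GPIOs that no registered chip covers: a heuristic for
# the leftover entries described above after a controller was unbound.
orphaned_gpios() {
    for n in $(exported_gpios); do
        owned=0
        for c in "$GPIO_SYSFS"/gpiochip[0-9]*; do
            if in_chip "$n" "$c"; then owned=1; fi
        done
        if [ "$owned" -eq 0 ]; then echo "$n"; fi
    done
}

# Unexport every GPIO of chip $1; run before unbinding its driver.
unexport_chip() {
    for n in $(exported_on_chip "$1"); do
        echo "$n" > "$GPIO_SYSFS/unexport"
    done
}
```

Source the file as root, call `unexport_chip gpiochipN` before the unbind, and run `orphaned_gpios` afterwards; any number it prints is an export whose controller is no longer registered.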


Advisories

No advisories yet.

History

Wed, 06 May 2026 12:15:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: gpio: sysfs: fix chip removal with GPIOs exported over sysfs Currently if we export a GPIO over sysfs and unbind the parent GPIO controller, the exported attribute will remain under /sys/class/gpio because once we remove the parent device, we can no longer associate the descriptor with it in gpiod_unexport() and never drop the final reference. Rework the teardown code: provide an unlocked variant of gpiod_unexport() and remove all exported GPIOs with the sysfs_lock taken before unregistering the parent device itself. This is done to prevent any new exports happening before we unregister the device completely.
Title | | gpio: sysfs: fix chip removal with GPIOs exported over sysfs
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:27:53.626Z

Reserved: 2026-05-01T14:12:55.991Z

Link: CVE-2026-43181

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-06T12:16:36.670

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43181

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T16:30:06Z

Weaknesses

No weakness.