Description
In the Linux kernel, the following vulnerability has been resolved:

gpio: sysfs: fix chip removal with GPIOs exported over sysfs

Currently if we export a GPIO over sysfs and unbind the parent GPIO
controller, the exported attribute will remain under /sys/class/gpio
because once we remove the parent device, we can no longer associate the
descriptor with it in gpiod_unexport() and never drop the final
reference.

Rework the teardown code: provide an unlocked variant of
gpiod_unexport() and remove all exported GPIOs with the sysfs_lock taken
before unregistering the parent device itself. This is done to prevent
any new exports happening before we unregister the device completely.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel did not clean up GPIOs exported through sysfs when the parent controller device was unbound. As a result, exported attributes remained under /sys/class/gpio because the kernel could not associate the descriptor with the removed device and failed to drop the final reference. This incomplete teardown can leave orphaned sysfs entries and allow the sysfs namespace to grow, potentially exhausting kernel resources or causing system instability. The weakness is a resource management flaw (CWE‑772).

Affected Systems

All Linux kernel releases that support the legacy sysfs GPIO export interface and do not include the fix introduced by the referenced commits are affected. Vendors are not specifically cited, but the issue impacts generic Linux distributions running a kernel with the legacy GPIO sysfs path. No specific version numbers are provided, so any kernel build that lacks the recent commits is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.5 places the vulnerability at medium severity, and the EPSS score of < 1% indicates a low probability of exploitation. Based on the description, it is inferred that a local attacker would need root privileges to unbind or bind the GPIO controller device, because these operations typically require elevated permissions. The vulnerability does not allow remote code execution or other remote exploits; its impact is limited to denial of service or resource exhaustion triggered by local privilege escalation or misconfiguration. The issue is not listed in CISA's KEV catalog and appears to require a local attack vector.

Generated by OpenCVE AI on May 11, 2026 at 23:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the commit fixes for sysfs GPIO chip removal (e.g., the changes associated with commits 54f4634, 6766f590, or a later release that incorporates these patches).
  • Prior to unbinding or removing a GPIO controller device, ensure that any exported GPIOs are unexported and that no file descriptors remain open in user space.
  • After updating the kernel, reboot the system to clear any residual sysfs entries and ensure that the cleanup logic runs on the fresh kernel.

Generated by OpenCVE AI on May 11, 2026 at 23:54 UTC.
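
The second recommended action (unexport before unbinding) and a check for leftover entries can be scripted against the legacy sysfs layout. This is an added example, not part of the OpenCVE record or the kernel patch. The function names and the `GPIO_ROOT` override are hypothetical, and it assumes that a removed chip's `gpiochipN` entry is gone while its exported `gpioN` entries remain.

```shell
#!/bin/sh
# Added example. Assumed layout (legacy GPIO sysfs ABI):
#   $GPIO_ROOT/gpiochipN/{base,ngpio}, $GPIO_ROOT/gpioN, $GPIO_ROOT/unexport
GPIO_ROOT="${GPIO_ROOT:-/sys/class/gpio}"

# Print the number of every exported line (gpioN entry), one per line.
exported_lines() {
    for e in "$GPIO_ROOT"/gpio[0-9]*; do
        [ -e "$e" ] || continue
        n=${e##*/}; echo "${n#gpio}"
    done
}

# Succeed if line $1 lies in [base, base+ngpio) of chip directory $2.
in_chip() {
    base=$(cat "$2/base") ngpio=$(cat "$2/ngpio")
    [ "$1" -ge "$base" ] && [ "$1" -lt $((base + ngpio)) ]
}

# Lines exported from chip $1 (e.g. gpiochip512): unexport these before unbind.
lines_of_chip() {
    for n in $(exported_lines); do
        in_chip "$n" "$GPIO_ROOT/$1" && echo "$n"
    done
    return 0
}

# Exported lines that no registered gpiochip covers: the leftover entries
# the description says remain once the parent controller is unbound.
orphaned_lines() {
    for n in $(exported_lines); do
        owned=no
        for c in "$GPIO_ROOT"/gpiochip*; do
            [ -d "$c" ] && in_chip "$n" "$c" && owned=yes
        done
        [ "$owned" = no ] && echo "$n"
    done
    return 0
}

# Unexport every exported line of chip $1 through the sysfs unexport file.
unexport_chip() {
    for n in $(lines_of_chip "$1"); do
        echo "$n" > "$GPIO_ROOT/unexport"
    done
}

# Stand-alone use: "sh script.sh report" lists orphaned lines.
if [ "${1:-}" = report ]; then orphaned_lines; fi
```

Run `unexport_chip` as root before unbinding the controller; any output from `orphaned_lines` afterwards points at entries that were left behind.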


Advisories

No advisories yet.

History

Mon, 11 May 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 07 May 2026 00:15:00 +0000


Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: gpio: sysfs: fix chip removal with GPIOs exported over sysfs Currently if we export a GPIO over sysfs and unbind the parent GPIO controller, the exported attribute will remain under /sys/class/gpio because once we remove the parent device, we can no longer associate the descriptor with it in gpiod_unexport() and never drop the final reference. Rework the teardown code: provide an unlocked variant of gpiod_unexport() and remove all exported GPIOs with the sysfs_lock taken before unregistering the parent device itself. This is done to prevent any new exports happening before we unregister the device completely.
Title gpio: sysfs: fix chip removal with GPIOs exported over sysfs
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:19:24.836Z

Reserved: 2026-05-01T14:12:55.991Z

Link: CVE-2026-43181

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:36.670

Modified: 2026-05-11T20:53:27.147

Link: CVE-2026-43181

Redhat

Severity :

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43181 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-12T00:00:04Z

Weaknesses