Description
In the Linux kernel, the following vulnerability has been resolved:

gpio: rockchip: fix generic IRQ chip leak on remove

The driver allocates domain generic chips using
irq_alloc_domain_generic_chips() during probe. However, on driver
remove/teardown, the generic chips are not automatically freed when the
IRQ domain is removed because the domain flags do not include
IRQ_DOMAIN_FLAG_DESTROY_GC.

This causes both the domain generic chips structure and the associated
generic chips to be leaked. Additionally, the generic chips remain on
the global gc_list and may later be visited by generic IRQ chip suspend,
resume, or shutdown callbacks after the GPIO bank has been removed,
potentially resulting in a use-after-free and kernel crash.

Fix the resource leak by explicitly calling
irq_domain_remove_generic_chips() before removing the IRQ domain in
rockchip_gpio_remove().
Published: 2026-06-25
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During the removal of the Rockchip GPIO driver, generic IRQ chips allocated by irq_alloc_domain_generic_chips() are not freed because the domain flags lack IRQ_DOMAIN_FLAG_DESTROY_GC. This results in memory leaks of the domain generic chip structure and its associated generic chips, which remain registered on the global gc_list. Subsequent suspends, resumes, or shutdown callbacks may access these leaked objects, potentially triggering a use‑after‑free and causing a kernel crash. The vulnerability represents a use‑after‑free condition (CWE‑416) that can lead to denial of service.

Affected Systems

The issue affects the Linux kernel’s Rockchip GPIO driver. Any system running a Linux kernel that incorporates the Rockchip GPIO subsystem and has had the driver loaded and later removed is impacted. No specific kernel version range is provided in the CVE data, so the vulnerability could exist in multiple releases that contain the unchanged driver code.

Risk and Exploitability

Because the exploit requires the driver to be removed, an attacker would need privileged or local access to trigger the removal path. No publicly available exploits are reported, and the EPSS score is not available, making the exploitation likelihood uncertain. The vulnerability is not listed in the CISA KEV catalog, indicating no known widespread exploitation. However, the potential for a kernel crash warrants caution, especially in environments where device removal is performed frequently or under untrusted conditions.

Generated by OpenCVE AI on June 25, 2026 at 11:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the upstream patch that removes the generic IRQ chips explicitly during rockchip_gpio_remove(), or update the kernel to a version that contains this fix (commit 1c1e0fc88d6ef65bf15d517853251f75ab9d18c3).
  • Verify that the Rockchip GPIO driver is compiled with the correct IRQ domain flags, or rebuild it to include IRQ_DOMAIN_FLAG_DESTROY_GC.
  • If an immediate kernel update is not possible, avoid hot‑plugging or manually removing Rockchip GPIO devices while the system is running, or disable the driver if it is not required.

Generated by OpenCVE AI on June 25, 2026 at 11:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: gpio: rockchip: fix generic IRQ chip leak on remove The driver allocates domain generic chips using irq_alloc_domain_generic_chips() during probe. However, on driver remove/teardown, the generic chips are not automatically freed when the IRQ domain is removed because the domain flags do not include IRQ_DOMAIN_FLAG_DESTROY_GC. This causes both the domain generic chips structure and the associated generic chips to be leaked. Additionally, the generic chips remain on the global gc_list and may later be visited by generic IRQ chip suspend, resume, or shutdown callbacks after the GPIO bank has been removed, potentially resulting in a use-after-free and kernel crash. Fix the resource leak by explicitly calling irq_domain_remove_generic_chips() before removing the IRQ domain in rockchip_gpio_remove().
Title gpio: rockchip: fix generic IRQ chip leak on remove
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:26.567Z

Reserved: 2026-06-09T07:44:35.392Z

Link: CVE-2026-53226

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T11:30:06Z

Weaknesses