CVE-2025-37901
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-37901
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37901.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37901
- Downstream
- Related
- Published
- 2025-05-20T15:21:36Z
- Modified
- 2025-10-10T11:08:18.607396Z
- Summary
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs
On Qualcomm chipsets not all GPIOs are wakeup capable. Those GPIOs do not have a corresponding MPM pin and should not be handled inside the MPM driver. The IRQ domain hierarchy is always applied, so it's required to explicitly disconnect the hierarchy for those. The pinctrl-msm driver marks these with GPIONOWAKE_IRQ. qcom-pdc has a check for this, but irq-qcom-mpm is currently missing the check. This is causing crashes when setting up interrupts for non-wake GPIOs:
root@rb1:~# gpiomon -c gpiochip1 10 irq: IRQ159: trimming hierarchy from :soc@0:interrupt-controller@f200000-1 Unable to handle kernel paging request at virtual address ffff8000a1dc3820 Hardware name: Qualcomm Technologies, Inc. Robotics RB1 (DT) pc : mpmsettype+0x80/0xcc lr : mpmsettype+0x5c/0xcc Call trace: mpmsettype+0x80/0xcc (P) qcommpmsettype+0x64/0x158 irqchipsettypeparent+0x20/0x38 msmgpioirqsettype+0x50/0x530 _irqsettrigger+0x60/0x184 _setupirq+0x304/0x6bc requestthreadedirq+0xc8/0x19c edgedetectorsetup+0x260/0x364 linereqcreate+0x420/0x5a8 gpioioctl+0x2d4/0x6c0
Fix this by copying the check for GPIONOWAKE_IRQ from qcom-pdc.c, so that MPM is removed entirely from the hierarchy for non-wake GPIOs.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/38a05c0b87833f5b188ae43b428b1f792df2b384
- https://git.kernel.org/stable/c/45aced97f01d5ab14c8a2a60f6748f18c501c3f5
- https://git.kernel.org/stable/c/d5c10448f411a925dd59005785cb971f0626e032
- https://git.kernel.org/stable/c/dfbaecf7e38f5e9bfa5e47a1e525ffbb58bab8cf
- https://git.kernel.org/stable/c/f102342360950b56959e5fff4a874ea88ae13758
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda6199bb514d8a63f61c2a22c1f912376e14d0fb2Fixed45aced97f01d5ab14c8a2a60f6748f18c501c3f5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda6199bb514d8a63f61c2a22c1f912376e14d0fb2Fixeddfbaecf7e38f5e9bfa5e47a1e525ffbb58bab8cf
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda6199bb514d8a63f61c2a22c1f912376e14d0fb2Fixedf102342360950b56959e5fff4a874ea88ae13758
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda6199bb514d8a63f61c2a22c1f912376e14d0fb2Fixedd5c10448f411a925dd59005785cb971f0626e032
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda6199bb514d8a63f61c2a22c1f912376e14d0fb2Fixed38a05c0b87833f5b188ae43b428b1f792df2b384