CVE-2026-23308
- Source
- https://cve.org/CVERecord?id=CVE-2026-23308
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23308.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-23308
- Downstream
- Published
- 2026-03-25T10:27:03.536Z
- Modified
- 2026-04-14T03:47:59.980195Z
- Summary
- pinctrl: equilibrium: fix warning trace on load
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: equilibrium: fix warning trace on load
The callback functions 'eqbrirqmask()' and 'eqbrirqack()' are also called in the callback function 'eqbrirqmaskack()'. This is done to avoid source code duplication. The problem, is that in the function 'eqbrirqmask()' also calles the gpiolib function 'gpiochipdisable_irq()'
This generates the following warning trace in the log for every gpio on load.
[ 6.088111] ------------[ cut here ]------------ [ 6.092440] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:3810 gpiochipdisableirq+0x39/0x50 [ 6.097847] Modules linked in: [ 6.097847] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.12.59+ #0 [ 6.097847] Tainted: [W]=WARN [ 6.097847] RIP: 0010:gpiochipdisableirq+0x39/0x50 [ 6.097847] Code: 39 c6 48 19 c0 21 c6 48 c1 e6 05 48 03 b2 38 03 00 00 48 81 fe 00 f0 ff ff 77 11 48 8b 46 08 f6 c4 02 74 06 f0 80 66 09 fb c3 <0f> 0b 90 0f 1f 40 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 [ 6.097847] RSP: 0000:ffffc9000000b830 EFLAGS: 00010046 [ 6.097847] RAX: 0000000000000045 RBX: ffff888001be02a0 RCX: 0000000000000008 [ 6.097847] RDX: ffff888001be9000 RSI: ffff888001b2dd00 RDI: ffff888001be02a0 [ 6.097847] RBP: ffffc9000000b860 R08: 0000000000000000 R09: 0000000000000000 [ 6.097847] R10: 0000000000000001 R11: ffff888001b2a154 R12: ffff888001be0514 [ 6.097847] R13: ffff888001be02a0 R14: 0000000000000008 R15: 0000000000000000 [ 6.097847] FS: 0000000000000000(0000) GS:ffff888041d80000(0000) knlGS:0000000000000000 [ 6.097847] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6.097847] CR2: 0000000000000000 CR3: 0000000003030000 CR4: 00000000001026b0 [ 6.097847] Call Trace: [ 6.097847] <TASK> [ 6.097847] ? eqbrirqmask+0x63/0x70 [ 6.097847] ? noaction+0x10/0x10 [ 6.097847] eqbrirqmaskack+0x11/0x60
In an other driver (drivers/pinctrl/starfive/pinctrl-starfive-jh7100.c) the interrupt is not disabled here.
To fix this, do not call the 'eqbrirqmask()' and 'eqbrirqack()' function. Implement instead this directly without disabling the interrupts.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23308.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3e00b1b332e54ba50cca6691f628b9c06574024f
- https://git.kernel.org/stable/c/53eba152810ef0fff8567b13ea0f62d48e62df6b
- https://git.kernel.org/stable/c/896449ad9053a42c6c710aeae6175170176cabd0
- https://git.kernel.org/stable/c/af3b0ec98dc1133521b612f8009fdd36b612aabe
- https://git.kernel.org/stable/c/ec54546e8d8a50a9824c139a127a8459d1b0b1bb
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23308.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23308
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced52066a53bd116a2f41d04d99b5095c02ad8cf953Fixed896449ad9053a42c6c710aeae6175170176cabd0Fixedaf3b0ec98dc1133521b612f8009fdd36b612aabeFixed53eba152810ef0fff8567b13ea0f62d48e62df6bFixedec54546e8d8a50a9824c139a127a8459d1b0b1bbFixed3e00b1b332e54ba50cca6691f628b9c06574024f