Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-71158

CVE-2025-71158: Linux Kernel GPIO MPSSE DoS Vulnerability

CVE-2025-71158 is a denial of service flaw in the Linux kernel GPIO MPSSE driver that causes system crashes when devices are unplugged during IRQ worker operations. This article covers technical details, impact, and fixes.

Published:

CVE-2025-71158 Overview

A race condition vulnerability has been identified in the Linux kernel's GPIO MPSSE driver (gpio-mpsse). The flaw exists in the IRQ worker handling mechanism, where unplugging a device while an IRQ worker is running can trigger a system crash. This occurs because the driver, originally written for Sealevel hardware which was not hotpluggable, lacked proper synchronization when tearing down worker threads during device disconnection.

Critical Impact

System crash and denial of service when USB devices using the GPIO MPSSE driver are unplugged while IRQ workers are active.

Affected Products

  • Linux Kernel (GPIO MPSSE driver)
  • Systems using Sealevel hardware with GPIO MPSSE functionality
  • Linux systems with USB GPIO devices utilizing the MPSSE driver

Discovery Timeline

  • 2026-01-23 - CVE CVE-2025-71158 published to NVD
  • 2026-01-26 - Last updated in NVD database

Technical Details for CVE-2025-71158

Vulnerability Analysis

This vulnerability represents a race condition in the Linux kernel's GPIO MPSSE driver. The core issue stems from inadequate synchronization between device disconnection handling and active IRQ worker threads. When a user unplugs a device while an IRQ worker is still executing, the driver fails to properly coordinate the teardown of these worker threads, leading to a use-after-free condition or null pointer dereference that causes a kernel crash.

The GPIO MPSSE driver was initially developed for Sealevel hardware that was designed for fixed installations and not intended to be hotpluggable. As a result, the original implementation did not account for the scenario where a device could be removed while worker threads were actively processing interrupts.

Root Cause

The root cause of this vulnerability is the absence of proper synchronization mechanisms to protect the list of IRQ workers during device disconnection. Without a locking mechanism, the disconnect handler could attempt to access or free resources that are still being used by active worker threads, or conversely, workers could continue operating on resources that have already been deallocated.

Attack Vector

The attack vector requires local physical access to the system. An attacker with the ability to physically unplug a USB device using the GPIO MPSSE driver while IRQ workers are active can trigger the crash. While this limits remote exploitation, it presents a denial of service risk in environments where:

  • Systems are accessible to multiple users
  • Automated hardware testing environments with GPIO devices
  • Industrial control systems using Sealevel or similar GPIO hardware

The vulnerability is triggered by the timing of device removal relative to IRQ worker activity, making it a classic race condition scenario.

Detection Methods for CVE-2025-71158

Indicators of Compromise

  • Kernel panic or system crash logs indicating issues in the gpio-mpsse driver
  • Crash dumps showing null pointer dereference or use-after-free in GPIO-related kernel code
  • System instability when USB GPIO devices are connected or disconnected
  • Kernel oops messages referencing mpsse or GPIO IRQ worker functions

Detection Strategies

  • Monitor kernel logs (dmesg, /var/log/kern.log) for crash messages related to gpio-mpsse driver
  • Implement kernel crash dump analysis to identify GPIO MPSSE-related failures
  • Use kernel debugging tools such as KASAN (Kernel Address Sanitizer) to detect memory corruption
  • Deploy system monitoring to track unexpected reboots or kernel panics

Monitoring Recommendations

  • Enable kernel crash reporting with tools like kdump or crash
  • Configure alerting for kernel oops and panic events in centralized logging systems
  • Monitor USB device connect/disconnect events in conjunction with system stability
  • Review system logs after any hardware changes involving GPIO devices

How to Mitigate CVE-2025-71158

Immediate Actions Required

  • Apply the kernel patches referenced in the fix commits
  • Avoid hot-unplugging USB GPIO devices using the MPSSE driver until patched
  • Consider disabling the gpio-mpsse module if not actively required
  • Update to a patched Linux kernel version containing the fix

Patch Information

The Linux kernel maintainers have resolved this vulnerability by implementing a spinlock to protect the list of workers, ensuring proper teardown during device disconnect. The fix can be found in the following kernel commits:

System administrators should update to kernel versions containing these patches or apply them manually if using a custom kernel build.

Workarounds

  • Prevent physical access to USB ports on affected systems
  • Use device management policies to restrict USB device removal during system operation
  • Blacklist or unload the gpio-mpsse kernel module if not required for system functionality
  • Implement hardware interlocks or cable management to prevent accidental device disconnection
bash
# Configuration example
# Blacklist the gpio-mpsse module if not needed
echo "blacklist gpio_mpsse" | sudo tee /etc/modprobe.d/blacklist-gpio-mpsse.conf

# Unload the module if currently loaded
sudo modprobe -r gpio_mpsse

# Verify module is not loaded
lsmod | grep mpsse

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.