5.5
CVE-2026-53307
- EPSS 0.11%
- Veröffentlicht 26.06.2026 19:41:02
- Zuletzt bearbeitet 06.07.2026 20:14:45
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
pinctrl: pinconf-generic: Fully validate 'pinmux' property
In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.15 < 6.18.33
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.10
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.016 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/6476aac13805721e16439bd71f0e1703a4154517
https://git.kernel.org/stable/c/b7842b722169359e7ffe4b838d2496e9e72ac996
https://git.kernel.org/stable/c/c98324ea7849b6e5baa1774f71709b375a2c2f9e