5.5

CVE-2026-53307

pinctrl: pinconf-generic: Fully validate 'pinmux' property

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: pinconf-generic: Fully validate 'pinmux' property

The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property
is not empty when present. This might be not true. With that, the allocator
will give a special value in return and not NULL which lead to the crash
when trying to access that (invalid) memory. Fix that by fully validating
'pinmux' value, including its length.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.15 < 6.18.33
LinuxLinux Kernel Version >= 6.19 < 7.0.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.016
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/6476aac13805721e16439bd71f0e1703a4154517
Patch
https://git.kernel.org/stable/c/b7842b722169359e7ffe4b838d2496e9e72ac996
Patch
https://git.kernel.org/stable/c/c98324ea7849b6e5baa1774f71709b375a2c2f9e
Patch