GHSA-4qpg-p2c6-564vMediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic:...

Published
June 26, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: pinconf-generic: Fully validate 'pinmux' property

The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.

🔗 References (5)