GHSA-4qpg-p2c6-564vMediumCVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic:...
🔗 CVE IDs covered (1)
📋 Description
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: pinconf-generic: Fully validate 'pinmux' property
The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.
🔗 References (5)
- https://nvd.nist.gov/vuln/detail/CVE-2026-53307
- https://git.kernel.org/stable/c/6476aac13805721e16439bd71f0e1703a4154517
- https://git.kernel.org/stable/c/b7842b722169359e7ffe4b838d2496e9e72ac996
- https://git.kernel.org/stable/c/c98324ea7849b6e5baa1774f71709b375a2c2f9e
- https://github.com/advisories/GHSA-4qpg-p2c6-564v