GHSA-7638-fmxx-mr26unknown

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08:...

Published
July 1, 2026
Last Modified
July 1, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init

Regmap initialization triggers regcache_maple_populate() which attempts SPI read to populate cache. SPI read requires mcp->dev and mcp->addr to be set, without them, NULL pointer dereference occurs during probe.

Move initialization before mcp23s08_spi_regmap_init() call.

🔗 References (4)