Description
In the Linux kernel, the following vulnerability has been resolved:

pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree

When probing the k230 pinctrl driver, the kernel triggers a NULL pointer
dereference. The crash trace showed:
[ 0.732084] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000068
[ 0.740737] ...
[ 0.776296] epc : k230_pinctrl_probe+0x1be/0x4fc

In k230_pinctrl_parse_functions(), we attempt to retrieve the device
pointer via info->pctl_dev->dev, but info->pctl_dev is only initialized
after k230_pinctrl_parse_dt() completes.

At the time of DT parsing, info->pctl_dev is still NULL, leading to
the invalid dereference of info->pctl_dev->dev.

Use the already available device pointer from platform_device
instead of accessing through uninitialized pctl_dev.
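
The ordering problem described above, modelled in userspace C as an added example (this is not the kernel driver's code). The struct layouts, the 0x68 padding, the sample device name and every function name here are constructed, and the NULL check in the pre-fix path stands in for the kernel oops so the model can run.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-ins: names follow the advisory; layouts (incl. 0x68 padding) are constructed. */
struct device { const char *name; };
struct platform_device { struct device dev; };
struct pinctrl_dev { char other_members[0x68]; struct device *dev; };
struct k230_info { struct pinctrl_dev *pctl_dev; };

/* Address the CPU loads from when evaluating info->pctl_dev->dev. */
static uintptr_t load_address_of_dev(const struct k230_info *info)
{
    return (uintptr_t)info->pctl_dev + offsetof(struct pinctrl_dev, dev);
}

/* Pre-fix pattern. The NULL check stands in for the kernel oops. */
static struct device *parse_dev_before(const struct k230_info *info)
{
    return info->pctl_dev ? info->pctl_dev->dev : NULL;
}

/* Post-fix pattern: the device embedded in the platform_device. */
static struct device *parse_dev_after(struct platform_device *pdev)
{
    return &pdev->dev;
}

/* Probe ordering from the advisory: DT parsing runs before pctl_dev is set. */
static int model_probe(struct platform_device *pdev, int fixed)
{
    struct k230_info info = { .pctl_dev = NULL };
    struct pinctrl_dev pctl = { .dev = &pdev->dev };
    struct device *dev = fixed ? parse_dev_after(pdev) : parse_dev_before(&info);

    if (!dev)
        return -1;             /* parsing had no valid device pointer */
    info.pctl_dev = &pctl;     /* only now does pctl_dev become valid */
    return info.pctl_dev->dev == dev ? 0 : -1;
}

int main(void)
{
    struct platform_device pdev = { .dev = { .name = "constructed-pdev" } };
    struct k230_info info = { .pctl_dev = NULL };

    printf("pre-fix load address: %#lx\n", (unsigned long)load_address_of_dev(&info));
    printf("pre-fix probe %d, post-fix probe %d\n", model_probe(&pdev, 0), model_probe(&pdev, 1));
    return 0;
}
```

A fault address that is small but nonzero, like the one in the trace, is the usual signature of a member load through a NULL base pointer: the address is the member's offset within the struct.
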
Published: 2026-06-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel k230 pinctrl driver dereferences a NULL pointer during device-tree parsing in k230_pinctrl_probe. The code accesses info->pctl_dev->dev before info->pctl_dev is initialized, causing an immediate kernel crash. The crash indicates that any process loading the driver during boot or module insertion will be disrupted, leading to system unavailability for all services.

Affected Systems

The flaw resides in the k230 pinctrl driver that is part of the mainline Linux kernel. All distributions that ship a kernel including this driver before the patch may be affected; no specific version numbers are supplied, so any kernel with the unpatched driver is potentially vulnerable.

Risk and Exploitability

EPSS score is <1%, indicating a very low likelihood of real-world exploitation, and the CVSS score of 5.5 signals moderate severity. Exploitation requires local modification of the device-tree or boot process that triggers the probe, so the attack vector is inferred to be local. While the primary impact is a denial of service, the lack of known exploitation activity means the vulnerability remains theoretical until a local attacker gains the required control. Patching mitigates all risk.

Generated by OpenCVE AI on June 9, 2026 at 22:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel patch that updates the k230 pinctrl driver to use the existing device pointer during device-tree parsing.
  • Rebuild and install the updated kernel or load the corrected module.
  • Reboot the system so the new driver is initialized, and verify that the system boots without a kernel crash.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 04 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 04 Jun 2026 00:15:00 +0000


Wed, 03 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description (same text as the Description at the top of this page)
Title pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-03T15:50:11.254Z

Reserved: 2026-05-13T15:03:33.109Z

Link: CVE-2026-46269

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-06-03T18:16:28.593

Modified: 2026-06-09T19:51:51.733

Link: CVE-2026-46269

Redhat

Severity :

Public Date: 2026-06-03T00:00:00Z

Links: CVE-2026-46269 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-09T22:30:14Z

Weaknesses
  • CWE-476

    NULL Pointer Dereference

  • CWE-824

    Access of Uninitialized Pointer