Description
In the Linux kernel, the following vulnerability has been resolved:

pinctrl: pinconf-generic: Fully validate 'pinmux' property

The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property
is not empty when present. This might be not true. With that, the allocator
will give a special value in return and not NULL which lead to the crash
when trying to access that (invalid) memory. Fix that by fully validating
'pinmux' value, including its length.
Published: 2026-06-26
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel function pinconf_generic_parse_dt_pinmux() assumes a non‑empty 'pinmux' property, but if the property is empty the allocator returns a special value that is not NULL. When the code subsequently dereferences this value, the kernel crashes. This leads to a denial‑of‑service condition allowing an attacker to force a kernel panic. The underlying weakness is a null pointer dereference or use of invalid memory.

Affected Systems

Linux kernel implementations are affected. No explicit version range is provided, so all kernel releases that include the pinctrl: pinconf-generic subsystem are potentially impacted until the patch is applied.

Risk and Exploitability

Because the vulnerability resides in the kernel, exploitation requires the attacker to trigger a malformed pinmux property, likely via a crafted device tree or custom driver. While no CVSS or EPSS score is available and the flaw is not listed in CISA KEV, the nature of a kernel panic implies a high severity. The attack vector is inferred to be local or via a privileged code path that can supply the malformed property. Prompt patching is recommended to eliminate this risk.

Generated by OpenCVE AI on June 26, 2026 at 22:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that includes the full validation of the 'pinmux' property.
  • Rebuild and flash the updated kernel to affected machines.
  • Verify that device tree sources contain non‑empty and correctly formatted 'pinmux' entries; if necessary, remove or correct them until the patch is applied.

Generated by OpenCVE AI on June 26, 2026 at 22:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.
Title pinctrl: pinconf-generic: Fully validate 'pinmux' property
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:41:02.046Z

Reserved: 2026-06-09T07:44:35.397Z

Link: CVE-2026-53307

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T22:15:06Z

Weaknesses