Description
In the Linux kernel, the following vulnerability has been resolved:

pinctrl: pinconf-generic: Fully validate 'pinmux' property

The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property
is not empty when present. This might be not true. With that, the allocator
will give a special value in return and not NULL which lead to the crash
when trying to access that (invalid) memory. Fix that by fully validating
'pinmux' value, including its length.
Published: 2026-06-26
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel function pinconf_generic_parse_dt_pinmux() assumes that the "pinmux" property is non‑empty when present. If the property is empty, the allocator returns a special value that is not NULL, and the later dereference of this value causes a kernel crash. This results in a denial‑of‑service condition that can lead to a kernel panic. The vulnerability is rooted in a null pointer dereference and improper handling of invalid memory, corresponding to weakness CWE‑824.

Affected Systems

Linux kernel implementations that include the pinctrl: pinconf-generic subsystem are affected. Because no explicit version range is provided, any kernel release containing this subsystem could be impacted until the patch for full validation of the "pinmux" property is applied.

Risk and Exploitability

The vulnerability resides in kernel code and requires an attacker to provide a malformed "pinmux" property, likely via a custom driver or crafted device tree. The EPSS score of < 1% indicates a very low exploitation probability, and the issue is not listed in the CISA KEV catalog. The attack vector is inferred to be local or to any privileged code path that can inject the malformed property. Prompt patching is recommended to eliminate this risk.

Generated by OpenCVE AI on June 29, 2026 at 16:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official kernel patch that includes the full validation of the 'pinmux' property.
  • Rebuild the kernel with the patch applied and flash the updated kernel to the affected machines.
  • After applying the patch, review device tree sources to ensure that any 'pinmux' entries are non‑empty and properly formatted; correct or remove any problematic entries until the patch is active.

Generated by OpenCVE AI on June 29, 2026 at 16:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Mon, 29 Jun 2026 12:15:00 +0000


Fri, 26 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.
Title pinctrl: pinconf-generic: Fully validate 'pinmux' property
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:41:02.046Z

Reserved: 2026-06-09T07:44:35.397Z

Link: CVE-2026-53307

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53307 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T16:30:17Z

Weaknesses
  • CWE-824

    Access of Uninitialized Pointer