Impact
The Linux kernel function pinconf_generic_parse_dt_pinmux() assumes that the "pinmux" property is non‑empty when present. If the property is empty, the allocator returns a special value that is not NULL, and the later dereference of this value causes a kernel crash. This results in a denial‑of‑service condition that can lead to a kernel panic. The vulnerability is rooted in a null pointer dereference and improper handling of invalid memory, corresponding to weakness CWE‑824.
Affected Systems
Linux kernel implementations that include the pinctrl: pinconf-generic subsystem are affected. Because no explicit version range is provided, any kernel release containing this subsystem could be impacted until the patch for full validation of the "pinmux" property is applied.
Risk and Exploitability
The vulnerability resides in kernel code and requires an attacker to provide a malformed "pinmux" property, likely via a custom driver or crafted device tree. The EPSS score of < 1% indicates a very low exploitation probability, and the issue is not listed in the CISA KEV catalog. The attack vector is inferred to be local or to any privileged code path that can inject the malformed property. Prompt patching is recommended to eliminate this risk.
OpenCVE Enrichment