Impact
During the probe of the MCP23S08 pinctrl driver, the regmap initialization triggers a SPI read that attempts to populate the cache. If the struct members mcp->dev and mcp->addr are not initialized before this operation, a null pointer dereference occurs, leading to a kernel panic or crash. The vulnerability is a classic NULL pointer dereference flaw that can result in a denial of service.
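The ordering defect described above, as an added user-space model (not the kernel driver's code and not taken from the patch). All names (`fake_dev`, `fake_mcp`, `fake_bus_read`, `fake_regmap_init`, `probe_unpatched`, `probe_patched`) are hypothetical, and the `-1` return stands in for the point where the kernel would dereference NULL.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the SPI device and the driver state. */
struct fake_dev { int reads; };
struct fake_mcp {
    struct fake_dev *dev;   /* models mcp->dev  */
    uint8_t addr;           /* models mcp->addr */
    uint8_t cache;          /* models one cached register */
};

/* Bus read used by the register map; returns -1 where the kernel would oops. */
static int fake_bus_read(struct fake_mcp *ctx, uint8_t reg, uint8_t *val)
{
    if (ctx->dev == NULL)
        return -1;
    ctx->dev->reads++;
    *val = (uint8_t)(ctx->addr ^ reg);  /* constructed register value */
    return 0;
}

/* Models regmap init: filling the cache issues a read immediately. */
static int fake_regmap_init(struct fake_mcp *ctx)
{
    return fake_bus_read(ctx, 0x00, &ctx->cache);
}

/* Unpatched ordering: regmap init runs before the fields are assigned. */
int probe_unpatched(struct fake_dev *dev, uint8_t addr)
{
    struct fake_mcp mcp = {0};
    int ret = fake_regmap_init(&mcp);
    mcp.dev = dev;
    mcp.addr = addr;
    return ret;
}

/* Patched ordering: fields are set first, then regmap init. */
int probe_patched(struct fake_dev *dev, uint8_t addr)
{
    struct fake_mcp mcp = { .dev = dev, .addr = addr };
    return fake_regmap_init(&mcp);
}

int main(void)
{
    struct fake_dev d = {0};
    printf("unpatched=%d patched=%d\n", probe_unpatched(&d, 0x40), probe_patched(&d, 0x40));
}
```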
Affected Systems
All Linux kernel releases that include the pinctrl:mcp23s08 driver without the patch are affected, typically kernel versions prior to the commit that moves the initialization before regmap init. The affected vendor is Linux (the Linux kernel source tree), and any distribution that ships the unpatched kernel is impacted.
Risk and Exploitability
The EPSS score is not provided and the vulnerability is not listed in the CISA KEV catalog, indicating limited public exploitation data. However, the vulnerability has a high impact due to the kernel crash, and the exploitation likelihood is elevated for environments where the MCP23S08 device is present and the driver is loaded. The attack vector is inferred to be local, requiring the attacker to have the ability to trigger device probes or influence hardware configuration.
OpenCVE Enrichment