CVE-2026-53307

MEDIUM

pinctrl: pinconf-generic: Fully validate 'pinmux' property

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.

Scores

CVSS v3 5.5
EPSS 0.0011
EPSS Percentile 1.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (11)
linux/Kernel 6.15.0 - 6.18.33linux
linux/Kernel 6.19.0 - 7.0.10linux
Linux/Linux < 6.15
Linux/Linux 6.15
Linux/Linux 6.18.33 - 6.18.*
Linux/Linux 7.0.10 - 7.0.*
Linux/Linux 7.1
Linux/Linux 7112c05fff83e15726dd60a10248b76474e3cdf9 - 6476aac13805721e16439bd71f0e1703a4154517
Linux/Linux 7112c05fff83e15726dd60a10248b76474e3cdf9 - b7842b722169359e7ffe4b838d2496e9e72ac996
Linux/Linux 7112c05fff83e15726dd60a10248b76474e3cdf9 - c98324ea7849b6e5baa1774f71709b375a2c2f9e
... and 1 more
Published Jun 26, 2026
Tracked Since Jun 27, 2026