CVE-2026-53344

ANALYSIS PENDING

pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init Regmap initialization triggers regcache_maple_populate() which attempts SPI read to populate cache. SPI read requires mcp->dev and mcp->addr to be set, without them, NULL pointer dereference occurs during probe. Move initialization before mcp23s08_spi_regmap_init() call.

Scores

EPSS 0.0014
EPSS Percentile 4.1%

Details

Status published
Products (7)
linux/Kernel 6.19.0 - 7.0.13linux
Linux/Linux < 6.19
Linux/Linux 6.19
Linux/Linux 7.0.13 - 7.0.*
Linux/Linux 7.1
Linux/Linux f9f4fda15e720686f1b2b436591ab11255e4e85e - 3a13bb9540dfd7014c5601608afcbbadbbcfd673
Linux/Linux f9f4fda15e720686f1b2b436591ab11255e4e85e - 8473c3a197b57ff01396f7a2ec6ddf65383820d4
Published Jul 01, 2026
Tracked Since Jul 01, 2026