CVE-2026-53307

pinctrl: pinconf-generic: Fully validate 'pinmux' property

EPSS 0.2%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

26 Jun 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.

Affected products

Linux · Linux

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://git.kernel.org/stable/c/6476aac13805721e16439bd71f0e1703a4154517 https://git.kernel.org/stable/c/b7842b722169359e7ffe4b838d2496e9e72ac996 https://git.kernel.org/stable/c/c98324ea7849b6e5baa1774f71709b375a2c2f9e