Linux Kernel Ralink Pinctrl Null Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's pinctrl subsystem for Ralink devices can lead to a null pointer dereference. This issue arises because the memory allocation function devm_kcalloc can fail, potentially leaving data->domains as a null pointer. If this null pointer is later dereferenced, it can cause a crash. The vulnerability has been addressed by adding a check for null allocations, ensuring that -ENOMEM is returned without manually releasing data if the allocation fails.

Impact

Exploitation of this vulnerability can lead to a null pointer dereference, causing a kernel crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Ralink Pinctrl Null Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating