Linux Kernel Pinctrl Device Tree Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's pinctrl device tree handling. This issue arises in the 'pinctrl_dt_to_map' function, where a failure in memory allocation can lead to a null pointer being dereferenced, causing a crash. The vulnerability was reported by KASAN, which detected the null pointer dereference during a string comparison operation. The issue occurs when 'kasprintf' fails to allocate memory, returning a null pointer that is not properly handled, leading to a dereference of a null address.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a kernel crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Pinctrl Device Tree Null Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating