Linux Kernel Pinctrl AT91 Out-of-Bounds Access Vulnerability

Vulnerability

A vulnerability in the Linux kernel's pinctrl AT91 component could lead to out-of-bounds access. The issue arises in the at91_gpio_probe() function, which fails to verify the availability of a given OF alias before using it as an index for the gpio_chips array. This oversight could result in accessing invalid memory locations. Additionally, the BUG() macro, which could catch such errors, can be omitted during compilation, allowing the issue to persist unchecked.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing memory corruption or allowing for arbitrary code execution.

Added: Jul 10, 2025, 9:32 AM

Updated: Jul 10, 2025, 9:32 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Pinctrl AT91 Out-of-Bounds Access Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating