Linux Kernel Canaan K230 Pinctrl NULL Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's handling of the 'pinmux' property for the Canaan K230 SoC has been addressed. The issue was a potential NULL pointer dereference in the device tree group parser, which could occur if the 'pinmux' property was absent from the device tree node. This vulnerability has been fixed by adding a NULL check for the property. Additionally, a typo in the device ID match table comment was corrected.

Impact

Exploitation of this vulnerability could lead to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by using a device tree that omits the 'pinmux' property for a pinctrl group on the Canaan K230 SoC. The missing property will trigger the NULL pointer dereference when the pinctrl driver attempts to parse the groups.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.