Skip to main content

Linux Kernel CVE-2026-46269

| EUVDEUVD-2026-34131 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-03 Linux GHSA-qm9x-frx6-xcv6
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 09, 2026 - 20:18 vuln.today
CVSS changed
Jun 09, 2026 - 19:52 NVD
5.5 (MEDIUM)
Patch available
Jun 03, 2026 - 19:01 EUVD
CVE Published
Jun 03, 2026 - 15:50 nvd
UNKNOWN (no severity yet)
CVE Published
Jun 03, 2026 - 15:50 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree

When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed: [ 0.732084] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000068 [ 0.740737] ... [ 0.776296] epc : k230_pinctrl_probe+0x1be/0x4fc

In k230_pinctrl_parse_functions(), we attempt to retrieve the device pointer via info->pctl_dev->dev, but info->pctl_dev is only initialized after k230_pinctrl_parse_dt() completes.

At the time of DT parsing, info->pctl_dev is still NULL, leading to the invalid dereference of info->pctl_dev->dev.

Use the already available device pointer from platform_device instead of accessing through uninitialized pctl_dev.

AnalysisAI

NULL pointer dereference in the Linux kernel's Canaan K230 pinctrl driver causes a local denial of service during device tree parsing. Specifically, k230_pinctrl_parse_functions() dereferences info->pctl_dev->dev before info->pctl_dev is initialized, triggering a kernel panic on systems using the K230 SoC. A low-privileged local attacker on affected hardware can crash the kernel, fully denying system availability. No public exploit code exists and EPSS of 0.02% (5th percentile) indicates minimal exploitation probability; however, the straightforward trigger condition and kernel-crash impact warrant prompt patching on K230-based deployments.

Technical ContextAI

The vulnerability resides in drivers/pinctrl/canaan/pinctrl-k230.c within the Linux kernel, affecting the pinctrl subsystem for the Canaan Kendryte K230 SoC - an RISC-V based edge AI processor. CWE-476 (NULL Pointer Dereference) is the root cause: during driver probe via k230_pinctrl_probe(), the function k230_pinctrl_parse_dt() is called to parse devicetree nodes, which internally calls k230_pinctrl_parse_functions(). That function attempts to retrieve the device pointer via info->pctl_dev->dev, but info->pctl_dev is only assigned after k230_pinctrl_parse_dt() returns - creating a temporal ordering violation where the field is still NULL at dereference time. The kernel crash address (virtual address 0x68, offset into the pctl_dev struct) confirms this is a direct dereference of a NULL-based struct pointer. CPE data identifies the affected product as cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*, covering a range of stable kernel branches. The fix replaces the NULL path with the already-available platform_device pointer passed to the probe function.

RemediationAI

The primary fix is to upgrade to a patched kernel release: 6.18.14 or 6.19.4 for production use, or apply stable-tree backport commits for 6.15.x (commit 3c7d637bfc3dfbd6471c68bd767f7eb8b5b09eba), 6.16.x (commit 1d0d361f4dbc2bb2003594f84e4b101fc6b508c0), or 6.17.x (commit d8c128fb6c2277d95f3f6a4ce28b82c8370031f6) - all available at https://git.kernel.org/stable/. For K230-based embedded systems where kernel updates are difficult to deploy, a compensating control is to blacklist or disable the k230-pinctrl kernel module (add 'blacklist pinctrl-k230' to /etc/modprobe.d/) if pinctrl functionality is not required, though this will disable GPIO and pin multiplexing on the SoC, potentially breaking peripheral devices. Restricting physical and interactive access to K230 systems limits the local-only exposure. No side effects are expected from applying the upstream patch, as it is a minimal fix replacing the NULL dereference path with an already-available device pointer.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-46269 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy