Skip to main content

Linux Kernel CVE-2026-53307

| EUVDEUVD-2026-39842 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-26 Linux GHSA-4qpg-p2c6-564v
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

AC:H reflects the specific DT configuration prerequisite (empty pinmux property on a pinctrl-using platform); otherwise metrics align with NVD assessment.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 06, 2026 - 20:31 vuln.today
CVSS changed
Jul 06, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:41 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 26, 2026 - 19:41 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: pinconf-generic: Fully validate 'pinmux' property

The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.

AnalysisAI

Null pointer dereference in the Linux kernel's pinctrl subsystem allows a local low-privileged attacker to crash the kernel, causing a denial of service. The flaw exists in pinconf_generic_parse_dt_pinmux(), which fails to validate that a 'pinmux' Device Tree property is non-empty before use - an empty property causes the allocator to return an invalid non-NULL pointer, and subsequent memory access triggers a kernel panic. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain low-privilege local shell access
Delivery
Load or trigger DT pinctrl overlay with empty 'pinmux' property
Exploit
pinconf_generic_parse_dt_pinmux() receives zero-length property
Execution
Allocator returns invalid non-NULL pointer
Persist
Kernel dereferences invalid pointer
Impact
Kernel panic (system crash)

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) a Linux kernel version between commit 7112c05fff83e15726dd60a10248b76474e3cdf9 and the respective stable fix commits; (2) a platform using Device Tree-based pin control (ARM, ARM64, RISC-V SoC - not standard x86/x86-64); (3) a Device Tree blob or overlay containing a 'pinmux' property that is present but empty (zero-length). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is moderate-to-low despite the kernel availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker with low-privilege shell access on an ARM/ARM64 embedded system loads or triggers re-evaluation of a pinctrl configuration - either by manipulating a Device Tree overlay or by engineering a hardware probe sequence - that results in the kernel processing an empty 'pinmux' property. The kernel's pinconf_generic_parse_dt_pinmux() dereferences the invalid allocator return value, triggering a kernel NULL pointer dereference and immediate system crash. …
Remediation Apply the vendor-released stable-branch patches: upgrade to Linux 6.18.33 (fix commit c98324ea7849b6e5baa1774f71709b375a2c2f9e), Linux 7.0.10 (fix commit b7842b722169359e7ffe4b838d2496e9e72ac996), or Linux 7.1+ (fix commit b7842b722169359e7ffe4b838d2496e9e72ac996), all available at https://git.kernel.org/stable/. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53307 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy