Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AC:H reflects the specific DT configuration prerequisite (empty pinmux property on a pinctrl-using platform); otherwise metrics align with NVD assessment.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: pinconf-generic: Fully validate 'pinmux' property
The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.
AnalysisAI
Null pointer dereference in the Linux kernel's pinctrl subsystem allows a local low-privileged attacker to crash the kernel, causing a denial of service. The flaw exists in pinconf_generic_parse_dt_pinmux(), which fails to validate that a 'pinmux' Device Tree property is non-empty before use - an empty property causes the allocator to return an invalid non-NULL pointer, and subsequent memory access triggers a kernel panic. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires: (1) a Linux kernel version between commit 7112c05fff83e15726dd60a10248b76474e3cdf9 and the respective stable fix commits; (2) a platform using Device Tree-based pin control (ARM, ARM64, RISC-V SoC - not standard x86/x86-64); (3) a Device Tree blob or overlay containing a 'pinmux' property that is present but empty (zero-length). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is moderate-to-low despite the kernel availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local attacker with low-privilege shell access on an ARM/ARM64 embedded system loads or triggers re-evaluation of a pinctrl configuration - either by manipulating a Device Tree overlay or by engineering a hardware probe sequence - that results in the kernel processing an empty 'pinmux' property. The kernel's pinconf_generic_parse_dt_pinmux() dereferences the invalid allocator return value, triggering a kernel NULL pointer dereference and immediate system crash. … |
| Remediation | Apply the vendor-released stable-branch patches: upgrade to Linux 6.18.33 (fix commit c98324ea7849b6e5baa1774f71709b375a2c2f9e), Linux 7.0.10 (fix commit b7842b722169359e7ffe4b838d2496e9e72ac996), or Linux 7.1+ (fix commit b7842b722169359e7ffe4b838d2496e9e72ac996), all available at https://git.kernel.org/stable/. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39842
GHSA-4qpg-p2c6-564v