CVE Catalog

CVE-2026-46269

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel that leads to a NULL pointer dereference when parsing the device tree in the k230 pinctrl driver. This issue occurs when attempting to retrieve the device pointer before it has been initialized.

Risk Assessment

This vulnerability may lead to system crashes, impacting the availability of services within the organization. If exploited, an attacker could cause unpredictable system behavior.

Recommendation

It is recommended to update the Linux kernel to the latest version where this vulnerability has been fixed. Additionally, monitor systems for unauthorized access attempts.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed: [ 0.732084] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000068 [ 0.740737] ... [ 0.776296] epc : k230_pinctrl_probe+0x1be/0x4fc In k230_pinctrl_parse_functions(), we attempt to retrieve the device pointer via info->pctl_dev->dev, but info->pctl_dev is only initialized after k230_pinctrl_parse_dt() completes. At the time of DT parsing, info->pctl_dev is still NULL, leading to the invalid dereference of info->pctl_dev->dev. Use the already available device pointer from platform_device instead of accessing through uninitialized pctl_dev.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS