CVE-2025-38655

MEDIUM EPSS 4.0%
Published Aug 22, 202510mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Aug 22, 2025 10mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: add NULL check in DT parse Add a NULL check for the return value of of_get_property() when retrieving the "pinmux" property in the group parser. This avoids a potential NULL pointer dereference if the property is missing from the device tree node. Also fix a typo ("sintenel") in the device ID match table comment, correcting it to "sentinel".

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel*≥6.13  –  <6.15.10
linuxlinux_kernel*≥6.16  –  <6.16.1

References 3

  • git.kernel.org https://git.kernel.org/stable/c/5d324b262c0ff256b8d603596574d66267b6394f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/65bd0be486390fc12a84eafaad78758c5e5a55e6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b5ae84aeff60b8819e8568ff0c57590caed9e6d3
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/5d324b262c0ff256b8d603596574d66267b6394f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/65bd0be486390fc12a84eafaad78758c5e5a55e6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b5ae84aeff60b8819e8568ff0c57590caed9e6d3
    Patch