CVE-2026-46269

MEDIUM · CVSS 3.1: 5.5 · EPSS 1.7%
Published Jun 3, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree

When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed:

    [ 0.732084] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000068
    [ 0.740737] ...
    [ 0.776296] epc : k230_pinctrl_probe+0x1be/0x4fc

In k230_pinctrl_parse_functions(), we attempt to retrieve the device pointer via info->pctl_dev->dev, but info->pctl_dev is only initialized after k230_pinctrl_parse_dt() completes. At the time of DT parsing, info->pctl_dev is still NULL, leading to the invalid dereference of info->pctl_dev->dev.

Use the already available device pointer from platform_device instead of accessing through uninitialized pctl_dev.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
1.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476: NULL Pointer Dereference (Memory Safety)

Affected Products 3

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥6.15.10 – <6.16
linux   linux_kernel  *        ≥6.16.1 – <6.18.14
linux   linux_kernel  *        ≥6.19 – <6.19.4

References 3

  • git.kernel.org https://git.kernel.org/stable/c/1d0d361f4dbc2bb2003594f84e4b101fc6b508c0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c7d637bfc3dfbd6471c68bd767f7eb8b5b09eba
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d8c128fb6c2277d95f3f6a4ce28b82c8370031f6
    Patch
