SB2026070258 - NULL pointer dereference in Linux kernel pinctrl driver
Published: July 2, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2026-53344)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the mcp23s08 probe path when initializing regmap during device probe. A local attacker can trigger device probe to cause a denial of service.
The issue occurs because regmap initialization triggers an SPI read to populate the cache before the device and address fields are initialized.
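The ordering problem described above can be reproduced in a small user-space model. This is an added example, not the kernel's mcp23s08 or regmap code: all struct and function names are hypothetical, and the "fields first" ordering is an assumed safe pattern, not the upstream patch.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical user-space model; not the kernel's mcp23s08 or regmap code. */
struct bus_dev { uint8_t regs[4]; };      /* stands in for the SPI device */

struct chip_ctx {
    struct bus_dev *dev;   /* NULL until probe assigns it */
    uint8_t addr;          /* device address, unset until probe assigns it */
    uint8_t cache[4];
    int cache_valid;
};

/* Bus read callback. Kernel code would dereference ctx->dev here and oops;
 * the model returns -1 so the failure can be observed without crashing. */
static int ctx_read(const struct chip_ctx *ctx, unsigned reg, uint8_t *val)
{
    if (ctx->dev == NULL)
        return -1;
    *val = ctx->dev->regs[reg];
    return 0;
}

/* Models a register-map init that reads the device to populate its cache. */
static int map_init(struct chip_ctx *ctx)
{
    for (unsigned reg = 0; reg < 4; reg++)
        if (ctx_read(ctx, reg, &ctx->cache[reg]) != 0)
            return -1;
    ctx->cache_valid = 1;
    return 0;
}

/* Ordering the bulletin describes: init runs before the fields are set. */
int probe_init_first(struct chip_ctx *ctx, struct bus_dev *dev, uint8_t addr)
{
    int ret = map_init(ctx);   /* callback sees ctx->dev == NULL */
    ctx->dev = dev;
    ctx->addr = addr;
    return ret;
}

/* Assumed safe ordering: populate the context, then initialise the map. */
int probe_fields_first(struct chip_ctx *ctx, struct bus_dev *dev, uint8_t addr)
{
    ctx->dev = dev;
    ctx->addr = addr;
    return map_init(ctx);
}
```

When reviewing similar probe functions, check that every field a bus read callback touches is assigned before any initialization call that can issue a read.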
Remediation
Install update from vendor's website.