SB2026070258 - NULL pointer dereference in Linux kernel pinctrl driver




Published: July 2, 2026

Security Bulletin ID: SB2026070258
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 vulnerability.


1) NULL pointer dereference (CVE-ID: CVE-2026-53344)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to cause a denial of service.

The vulnerability exists due to a NULL pointer dereference in the mcp23s08 probe path when initializing regmap during device probe. A local attacker can trigger device probe to cause a denial of service.

The issue occurs because regmap initialization triggers an SPI read to populate the cache before the device and address fields are initialized.
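
A userspace C model of the ordering problem described above, added here as an illustration; it is not the kernel's mcp23s08 or regmap code, and every name in it (`struct chip`, `chip_read`, `cache_init`, the two probe functions) is hypothetical. The NULL guard in the read callback is an assumption made for the demo so that the bad ordering returns an error instead of crashing; the bulletin does not describe the actual fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <errno.h>

/* Hypothetical stand-ins, not kernel types or driver code. */
struct bus_dev { uint8_t regs[4]; };   /* models the SPI device */
struct chip { struct bus_dev *dev; uint8_t addr; uint8_t cache[4]; };

/* Bus read callback: depends on chip->dev and chip->addr, as an SPI read would. */
static int chip_read(struct chip *c, unsigned reg, uint8_t *val)
{
    if (!c->dev)        /* guard: without it the next line dereferences NULL */
        return -ENODEV;
    /* addr is mixed in only to model that the transfer depends on it */
    *val = c->dev->regs[reg] ^ c->addr;
    return 0;
}

/* Models a register-map init that primes its cache by reading hardware at once. */
static int cache_init(struct chip *c)
{
    for (unsigned r = 0; r < 4; r++) {
        int ret = chip_read(c, r, &c->cache[r]);
        if (ret)
            return ret;
    }
    return 0;
}

/* Ordering from the bulletin: cache is populated before dev/addr are set. */
int probe_init_late(struct chip *c, struct bus_dev *dev, uint8_t addr)
{
    int ret = cache_init(c);    /* c->dev is still NULL at this point */
    c->dev = dev;
    c->addr = addr;
    return ret;
}

/* Safe ordering: every field the read callback uses is set first. */
int probe_init_first(struct chip *c, struct bus_dev *dev, uint8_t addr)
{
    c->dev = dev;
    c->addr = addr;
    return cache_init(c);
}
```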


Remediation

Install the update from the vendor's website.