NULL pointer dereference in Linux kernel - CVE-2026-53344
Published: July 2, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the mcp23s08 probe path when initializing regmap during device probe. A local attacker can trigger device probe to cause a denial of service.
The issue occurs because regmap initialization triggers an SPI read to populate the cache before the device and address fields are initialized.