CVE-2025-38655
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: add NULL check in DT parse Add a NULL check for the return value of of_get_property() when retrieving the "pinmux" property in the group parser. This avoids a potential NULL pointer dereference if the property is missing from the device tree node. Also fix a typo ("sintenel") in the device ID match table comment, correcting it to "sentinel".
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-26
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-38655
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a potential NULL pointer dereference in the Linux kernel's pinctrl driver for canaan k230. It occurs because the code did not check if the 'pinmux' property was missing from the device tree node before using it, which could lead to a crash or unexpected behavior. The fix adds a NULL check to prevent this issue.

Impact Analysis

If the 'pinmux' property is missing in the device tree node, the kernel could dereference a NULL pointer, potentially causing the system to crash or behave unpredictably. This could lead to system instability or denial of service.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38655. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart