CVE-2026-46269
Received - Intake
NULL Pointer Dereference in Linux Kernel K230 Pinctrl Driver

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree

When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed:

  [ 0.732084] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000068
  [ 0.740737] ...
  [ 0.776296] epc : k230_pinctrl_probe+0x1be/0x4fc

In k230_pinctrl_parse_functions(), we attempt to retrieve the device pointer via info->pctl_dev->dev, but info->pctl_dev is only initialized after k230_pinctrl_parse_dt() completes. At the time of DT parsing, info->pctl_dev is still NULL, leading to the invalid dereference of info->pctl_dev->dev.

Use the already available device pointer from platform_device instead of accessing through uninitialized pctl_dev.
Meta Information
Published: 2026-06-03
Last Modified: 2026-06-03
Generated: 2026-06-04
AI Q&A: 2026-06-03
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
canaan | k230 | *
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's k230 pinctrl driver when it parses the device tree during probe. In k230_pinctrl_parse_functions(), the driver tries to obtain the device pointer via info->pctl_dev->dev, but info->pctl_dev is only initialized after k230_pinctrl_parse_dt() completes and is still NULL at that point. The result is a NULL pointer dereference that crashes the kernel.

The root cause is that the device pointer is accessed before it is properly initialized. The fix involves using the device pointer already available from the platform_device instead of the uninitialized pctl_dev pointer.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference when the k230 pinctrl driver is probed. Such a crash can lead to system instability, denial of service, or unexpected reboots, potentially disrupting normal operations on affected devices using this driver.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability causes a NULL pointer dereference in the Linux kernel when probing the k230 pinctrl driver, leading to a kernel crash.

Detection can be done by monitoring kernel logs for crash traces similar to the following message:

  • [ 0.732084] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000068
  • [ 0.776296] epc : k230_pinctrl_probe+0x1be/0x4fc

You can check the kernel logs using commands such as:

  • dmesg | grep -i 'k230_pinctrl_probe'
  • journalctl -k | grep -i 'NULL pointer dereference'
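
Each grep above matches one line in isolation, and the second matches any NULL pointer dereference in the log. As an added example (not part of the original page), the function below reports a hit only when both quoted lines occur in the same oops; the function name, the 40-line window and the sample logs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag the oops only when the NULL
# dereference and the k230_pinctrl_probe program counter belong to one report.

# Reads kernel log text on stdin (dmesg or journalctl -k output).
# Prints the correlated lines; exit status 0 = signature found, 1 = not found.
k230_oops_scan() {
    awk -v window=40 '
        /Unable to handle kernel NULL pointer dereference/ {
            head = $0; left = window; next
        }
        left > 0 {
            left--
            # The trace in the advisory prints the faulting PC as
            # "epc : symbol+off/len"; match that shape for this driver only.
            if ($0 ~ /epc[ ]*:[ ]*k230_pinctrl_probe[+]/) {
                print head; print $0
                found = 1; left = 0
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: the two lines quoted in the advisory plus filler lines.
sample_k230_oops() {
    cat <<'EOF'
[    0.731002] constructed filler: boot continues
[    0.732084] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000068
[    0.740737] constructed filler: oops header
[    0.776296] epc : k230_pinctrl_probe+0x1be/0x4fc
EOF
}

# Constructed sample: a NULL dereference in an unrelated, hypothetical function.
sample_other_oops() {
    cat <<'EOF'
[    1.100000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[    1.100500] epc : example_other_probe+0x20/0x80
EOF
}

if sample_k230_oops | k230_oops_scan; then echo "k230 pinctrl oops present"; fi
if ! sample_other_oops | k230_oops_scan; then echo "unrelated oops ignored"; fi
```

On a live system, feed it with `dmesg | k230_oops_scan` or `journalctl -k | k230_oops_scan`.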

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version where the k230 pinctrl driver has been fixed.

The fix involves using the already available device pointer from platform_device instead of accessing through the uninitialized pctl_dev pointer.

Until the update is applied, avoid probing or using the k230 pinctrl driver to prevent kernel crashes.

