Improper Order of Device Tree Parsing in Linux Kernel Affects Canaan K230
CVE-2025-38654

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
22 August 2025

What is CVE-2025-38654?

In the Linux kernel, a significant vulnerability was identified in the Canaan K230 pin control driver. The issue stemmed from the incorrect order of device tree parsing relative to the pin control register process. The vulnerability could lead to the use of uninitialized pin resources, potentially causing unexpected behavior in device operations. This flaw has been addressed by ensuring that the device tree parsing is completed before the pin control registration is invoked, thereby enhancing system reliability and security.

Affected Version(s)

Linux 545887eab6f6776a7477fe7e83860eab57138b03 < 02c1deb1bff2b6d242e29a51e56107495979a2b8

Linux 545887eab6f6776a7477fe7e83860eab57138b03 < 0ec03251d01494ef207089b5bd626becfd05fd86

Linux 545887eab6f6776a7477fe7e83860eab57138b03

References

https://git.kernel.org/stable/c/02c1deb1bff2b6d242e29a51e...
https://git.kernel.org/stable/c/0ec03251d01494ef207089b5b...
https://git.kernel.org/stable/c/d94a32ac688f953dc9a9f12b5...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38654 : Improper Order of Device Tree Parsing in Linux Kernel Affects Canaan K230