Linux Kernel Vulnerability in Pinctrl Affecting Canaan Products
CVE-2025-38655

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
22 August 2025

What is CVE-2025-38655?

A vulnerability in the Linux kernel's pinctrl component for Canaan devices allows for a NULL pointer dereference under certain conditions. This occurs if the 'pinmux' property is missing from the device tree node, specifically in the group parser. A NULL check has been added to the property retrieval method to mitigate this risk, preventing potential system crashes. Additionally, a minor correction was made to the device ID match table to rectify a typographical error.

Affected Version(s)

Linux 545887eab6f6776a7477fe7e83860eab57138b03

Linux 545887eab6f6776a7477fe7e83860eab57138b03 < 5d324b262c0ff256b8d603596574d66267b6394f

Linux 545887eab6f6776a7477fe7e83860eab57138b03 < 65bd0be486390fc12a84eafaad78758c5e5a55e6

References

https://git.kernel.org/stable/c/b5ae84aeff60b8819e8568ff0...
https://git.kernel.org/stable/c/5d324b262c0ff256b8d603596...
https://git.kernel.org/stable/c/65bd0be486390fc12a84eafaa...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38655 : Linux Kernel Vulnerability in Pinctrl Affecting Canaan Products