pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc
CVE-2025-68222

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68222?

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc

s32_pinctrl_desc is allocated with devm_kmalloc(), but not all of its fields are initialized. Notably, num_custom_params is used in pinconf_generic_parse_dt_config(), resulting in intermittent allocation errors, such as the following splat when probing i2c-imx:

    WARNING: CPU: 0 PID: 176 at mm/page_alloc.c:4795 __alloc_pages_noprof+0x290/0x300
    [...]
    Hardware name: NXP S32G3 Reference Design Board 3 (S32G-VNP-RDB3) (DT)
    [...]
    Call trace:
     __alloc_pages_noprof+0x290/0x300 (P)
     ___kmalloc_large_node+0x84/0x168
     __kmalloc_large_node_noprof+0x34/0x120
     __kmalloc_noprof+0x2ac/0x378
     pinconf_generic_parse_dt_config+0x68/0x1a0
     s32_dt_node_to_map+0x104/0x248
     dt_to_map_one_config+0x154/0x1d8
     pinctrl_dt_to_map+0x12c/0x280
     create_pinctrl+0x6c/0x270
     pinctrl_get+0xc0/0x170
     devm_pinctrl_get+0x50/0xa0
     pinctrl_bind_pins+0x60/0x2a0
     really_probe+0x60/0x3a0
    [...]
     __platform_driver_register+0x2c/0x40
     i2c_adap_imx_init+0x28/0xff8 [i2c_imx]
    [...]

This results in later parse failures that can cause issues in dependent drivers:

    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c0-pins/i2c0-grp0: could not parse node property
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c0-pins/i2c0-grp0: could not parse node property
    [...]
    pca953x 0-0022: failed writing register: -6
    i2c i2c-0: IMX I2C adapter registered
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c2-pins/i2c2-grp0: could not parse node property
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c2-pins/i2c2-grp0: could not parse node property
    i2c i2c-1: IMX I2C adapter registered
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c4-pins/i2c4-grp0: could not parse node property
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c4-pins/i2c4-grp0: could not parse node property
    i2c i2c-2: IMX I2C adapter registered

Fix this by initializing s32_pinctrl_desc with devm_kzalloc() instead of devm_kmalloc() in s32_pinctrl_probe(), which sets the previously uninitialized fields to zero.

Affected Version(s)

Linux fd84aaa8173d3ff86f8df2009921336a1ea53a8a < 3b90bd8aaeb21b513ecc4ed03299e80ece44a333

Linux fd84aaa8173d3ff86f8df2009921336a1ea53a8a < 583ac7f65791ceda38ea1a493a4859f7161dcb03

Linux fd84aaa8173d3ff86f8df2009921336a1ea53a8a < 7bbdd6c30e8fd92f7165b7730b038cfe42102004

References

https://git.kernel.org/stable/c/3b90bd8aaeb21b513ecc4ed03...
https://git.kernel.org/stable/c/583ac7f65791ceda38ea1a493...
https://git.kernel.org/stable/c/7bbdd6c30e8fd92f7165b7730...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-68222 : Uninitialized Memory Vulnerability in NXP S32G3 Reference Design Board