NULL Pointer Dereference in Canaan K230 Pinctrl Driver
CVE-2026-46269

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 June 2026

What is CVE-2026-46269?

A vulnerability exists in the K230 Pinctrl driver within the Linux kernel, which can lead to a NULL pointer dereference during device tree parsing. Specifically, when the driver called k230_pinctrl_probe, it attempted to access an uninitialized device pointer, causing a system crash. This issue arises due to improper handling of the device initialization sequence, where the device pointer is only set after parsing the device tree. By ensuring access to the device pointer from the platform device, rather than relying on an uninitialized structure, this vulnerability can be mitigated.

Affected Version(s)

Linux d94a32ac688f953dc9a9f12b5b4139ecad841bbb < 3c7d637bfc3dfbd6471c68bd767f7eb8b5b09eba

Linux d94a32ac688f953dc9a9f12b5b4139ecad841bbb < 1d0d361f4dbc2bb2003594f84e4b101fc6b508c0

Linux d94a32ac688f953dc9a9f12b5b4139ecad841bbb

References

https://git.kernel.org/stable/c/3c7d637bfc3dfbd6471c68bd7...

https://git.kernel.org/stable/c/1d0d361f4dbc2bb2003594f84...

https://git.kernel.org/stable/c/d8c128fb6c2277d95f3f6a4ce...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46269 Data

JSON