Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-53307— pinctrl: pinconf-generic: Fully validate 'pinmux' property

AI Predicted 5.3 Difficulty: Hard EPSS 0.11% · P2

Affected Version Matrix 8

VendorProductVersion RangeStatus
LinuxLinux7112c05fff83e15726dd60a10248b76474e3cdf9< 6476aac13805721e16439bd71f0e1703a4154517affected
7112c05fff83e15726dd60a10248b76474e3cdf9< b7842b722169359e7ffe4b838d2496e9e72ac996affected
7112c05fff83e15726dd60a10248b76474e3cdf9< c98324ea7849b6e5baa1774f71709b375a2c2f9eaffected
6.15affected
< 6.15unaffected
6.18.33≤ 6.18.*unaffected
7.0.10≤ 7.0.*unaffected
7.1≤ *unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53307

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
pinctrl: pinconf-generic: Fully validate 'pinmux' property
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会开源的操作系统Linux所使用的内核。 Linux kernel 6.15版本存在安全漏洞,该漏洞源于pinconf-generic中未完全验证'pinmux'属性,可能导致访问无效内存时崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 7112c05fff83e15726dd60a10248b76474e3cdf9 ~ 6476aac13805721e16439bd71f0e1703a4154517 -
LinuxLinux 6.15 -

II. Public POCs for CVE-2026-53307

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53307

登录查看更多情报信息。

Patches & Fixes for CVE-2026-53307 (3)

Same Patch Batch · Linux · 2026-06-26 · 47 CVEs total

CVE-2026-533099.8 CRITICALocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison
CVE-2026-533228.8 HIGHvfio/pci: Clean up DMABUFs before disabling function
CVE-2026-532818.8 HIGHiommu/vt-d: Avoid NULL pointer dereference or refcount corruption
CVE-2026-533007.8 HIGHnet: enetc: fix NTMP DMA use-after-free issue
CVE-2026-532907.8 HIGHdrm/xe/eustall: Fix drm_dev_put called before stream disable in close
CVE-2026-532847.5 HIGHbtrfs: only release the dirty pages io tree after successful writes
CVE-2026-53293drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG
CVE-2026-53324net: mana: Use pci_name() for debugfs directory naming
CVE-2026-53283iommu/amd: Bounds-check devid in __rlookup_amd_iommu()
CVE-2026-53280iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()
CVE-2026-53282x86/kexec: Push kjump return address even for non-kjump kexec
CVE-2026-53279drm/gma500/oaktrail_lvds: fix hang on init failure
CVE-2026-53292net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind
CVE-2026-53291ALSA: hda/conexant: Fix missing error check for jack detection
CVE-2026-53289ice: fix NULL pointer dereference in ice_reset_all_vfs()
CVE-2026-53294mailbox: mailbox-test: don't free the reused channel
CVE-2026-53295mailbox: add sanity check for channel array
CVE-2026-53296mailbox: mailbox-test: free channels on probe error
CVE-2026-53297net: mana: Guard mana_remove against double invocation
CVE-2026-53298net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue()

Showing top 20 of 47 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-53307

No comments yet


Leave a comment