CVE-2026-53307 is a vulnerability in Linux Kernel
Published on June 26, 2026
pinctrl: pinconf-generic: Fully validate 'pinmux' property
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: pinconf-generic: Fully validate 'pinmux' property
The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property
is not empty when present. This might be not true. With that, the allocator
will give a special value in return and not NULL which lead to the crash
when trying to access that (invalid) memory. Fix that by fully validating
'pinmux' value, including its length.
Products Associated with CVE-2026-53307
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 7112c05fff83e15726dd60a10248b76474e3cdf9 and below 6476aac13805721e16439bd71f0e1703a4154517 is affected.
- Version 7112c05fff83e15726dd60a10248b76474e3cdf9 and below b7842b722169359e7ffe4b838d2496e9e72ac996 is affected.
- Version 7112c05fff83e15726dd60a10248b76474e3cdf9 and below c98324ea7849b6e5baa1774f71709b375a2c2f9e is affected.
- Version 6.15 is affected.
- Before 6.15 is unaffected.
- Version 6.18.33, <= 6.18.* is unaffected.
- Version 7.0.10, <= 7.0.* is unaffected.
- Version 7.1, <= * is unaffected.