CVE-2026-53344 is a vulnerability in Linux Kernel
Published on July 1, 2026
pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init
Regmap initialization triggers regcache_maple_populate() which attempts
SPI read to populate cache. SPI read requires mcp->dev and mcp->addr to
be set, without them, NULL pointer dereference occurs during probe.
Move initialization before mcp23s08_spi_regmap_init() call.
Products Associated with CVE-2026-53344
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version f9f4fda15e720686f1b2b436591ab11255e4e85e and below 3a13bb9540dfd7014c5601608afcbbadbbcfd673 is affected.
- Version f9f4fda15e720686f1b2b436591ab11255e4e85e and below 8473c3a197b57ff01396f7a2ec6ddf65383820d4 is affected.
- Version 6.19 is affected.
- Before 6.19 is unaffected.
- Version 7.0.13, <= 7.0.* is unaffected.
- Version 7.1, <= * is unaffected.