CVE-2026-53307

Source
https://cve.org/CVERecord?id=CVE-2026-53307
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53307.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53307
Downstream
Published
2026-06-26T19:41:02.046Z
Modified
2026-07-08T08:06:26.835471365Z
Summary
pinctrl: pinconf-generic: Fully validate 'pinmux' property
Details

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: pinconf-generic: Fully validate 'pinmux' property

The pinconfgenericparsedtpinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53307.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7112c05fff83e15726dd60a10248b76474e3cdf9
Fixed
6476aac13805721e16439bd71f0e1703a4154517
Fixed
b7842b722169359e7ffe4b838d2496e9e72ac996
Fixed
c98324ea7849b6e5baa1774f71709b375a2c2f9e

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53307.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.15.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53307.json"