CVE-2025-38655

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: add NULL check in DT parse Add a NULL check for the return value of of_get_property() when retrieving the "pinmux" property in the group parser. This avoids a potential NULL pointer dereference if the property is missing from the device tree node. Also fix a typo ("sintenel") in the device ID match table comment, correcting it to "sentinel".

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/5d324b262c0ff256b8d603596574d66267b6394f	Patch
https://git.kernel.org/stable/c/65bd0be486390fc12a84eafaad78758c5e5a55e6	Patch
https://git.kernel.org/stable/c/b5ae84aeff60b8819e8568ff0c57590caed9e6d3	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

26 Nov 2025, 16:32

Type	Values Removed	Values Added
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/5d324b262c0ff256b8d603596574d66267b6394f -~~	() https://git.kernel.org/stable/c/5d324b262c0ff256b8d603596574d66267b6394f - Patch
References	~~() https://git.kernel.org/stable/c/65bd0be486390fc12a84eafaad78758c5e5a55e6 -~~	() https://git.kernel.org/stable/c/65bd0be486390fc12a84eafaad78758c5e5a55e6 - Patch
References	~~() https://git.kernel.org/stable/c/b5ae84aeff60b8819e8568ff0c57590caed9e6d3 -~~	() https://git.kernel.org/stable/c/b5ae84aeff60b8819e8568ff0c57590caed9e6d3 - Patch

Information

Published : 2025-08-22 16:15

Updated : 2025-11-26 16:32

NVD link : CVE-2025-38655

Mitre link : CVE-2025-38655

CVE.ORG link : CVE-2025-38655

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-38655", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-08-22T16:15:40.493", "references": [{"url": "https://git.kernel.org/stable/c/5d324b262c0ff256b8d603596574d66267b6394f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/65bd0be486390fc12a84eafaad78758c5e5a55e6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b5ae84aeff60b8819e8568ff0c57590caed9e6d3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: canaan: k230: add NULL check in DT parse\n\nAdd a NULL check for the return value of of_get_property() when\nretrieving the \"pinmux\" property in the group parser. This avoids\na potential NULL pointer dereference if the property is missing\nfrom the device tree node.\n\nAlso fix a typo (\"sintenel\") in the device ID match table comment,\ncorrecting it to \"sentinel\"."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: canaan: k230: a\u00f1adir comprobaci\u00f3n NULL en el an\u00e1lisis DT. Se a\u00f1ade una comprobaci\u00f3n NULL para el valor de retorno de of_get_property() al recuperar la propiedad \"pinmux\" en el analizador de grupo. Esto evita una posible desreferencia de puntero NULL si la propiedad no se encuentra en el nodo del \u00e1rbol de dispositivos. Tambi\u00e9n se corrige un error tipogr\u00e1fico (\"sintenel\") en el comentario de la tabla de coincidencias de ID de dispositivo, corrigi\u00e9ndolo a \"sentinel\"."}], "lastModified": "2025-11-26T16:32:07.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5890C690-B295-40C2-9121-FF5F987E5142", "versionEndExcluding": "6.15.10", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58182352-D7DF-4CC9-841E-03C1D852C3FB", "versionEndExcluding": "6.16.1", "versionStartIncluding": "6.16"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}