CVE-2026-46269 in Linux
Summary
by MITRE • 06/03/2026
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree
When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed:
[ 0.732084] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000068
[ 0.740737] ...
[ 0.776296] epc : k230_pinctrl_probe+0x1be/0x4fc
In k230_pinctrl_parse_functions(), we attempt to retrieve the device pointer via info->pctl_dev->dev, but info->pctl_dev is only initialized after k230_pinctrl_parse_dt() completes.
At the time of DT parsing, info->pctl_dev is still NULL, leading to the invalid dereference of info->pctl_dev->dev.
Use the already available device pointer from platform_device instead of accessing through uninitialized pctl_dev.
Analysis
by VulDB Data Team • 06/03/2026
This vulnerability represents a critical NULL pointer dereference in the Linux kernel's pinctrl subsystem affecting the Canaan K230 platform. The issue occurs during driver initialization when the k230_pinctrl_probe function attempts to parse device tree information before proper initialization of the pinctrl device structure. The kernel crash manifests as an unhandled NULL pointer dereference at virtual address 0000000000000068, indicating a classic software error where code attempts to access memory through a null reference. This type of vulnerability falls under CWE-476, which specifically addresses NULL pointer dereference conditions that can lead to system crashes and potential privilege escalation.
The technical flaw stems from improper initialization sequencing within the driver's probe function, where k230_pinctrl_parse_functions() attempts to access info->pctl_dev->dev before info->pctl_dev has been properly initialized. This creates a temporal dependency issue where the code execution path references uninitialized memory, resulting in immediate system termination. The error occurs in the device tree parsing routine, where the driver tries to obtain device information from the pinctrl device structure that has not yet been established, demonstrating poor defensive programming practices and inadequate error handling. This particular vulnerability aligns with ATT&CK technique T1499.001, which involves system network configuration modification through kernel-level attacks.
The operational impact of this vulnerability is severe, as it can cause complete system crashes during boot sequences or when the k230 pinctrl driver is loaded. Systems using this specific platform configuration become immediately unstable and potentially non-functional, as the kernel cannot properly initialize the pin control subsystem. This affects embedded systems and devices that rely on the Canaan K230 platform, potentially rendering them inoperable until the driver is patched or recompiled with proper initialization order. The vulnerability is particularly concerning in automotive, industrial, or network infrastructure applications where system reliability is paramount, as it could lead to complete device failure.
Mitigation strategies should focus on ensuring proper initialization order within the driver's probe function by accessing the device pointer directly from the platform_device structure rather than attempting to derive it from the uninitialized pctl_dev structure. The fix involves modifying the k230_pinctrl_parse_functions() routine to use the already available device pointer from platform_device instead of the NULL reference. This approach prevents the temporal dependency issue and ensures that device tree parsing occurs only after proper initialization. Additionally, implementing defensive programming practices such as null pointer checks and proper error handling can prevent similar issues in other kernel subsystems. The vulnerability serves as a reminder of the critical importance of initialization sequence management in kernel drivers and the need for comprehensive testing of driver probe functions under various system states.
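The ordering problem described above, as a userspace C model added here for illustration; it is not the kernel driver's code. The struct layouts, model_probe() and the parse_dev_* helpers are assumptions that only mirror the names used on this page.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for the kernel types (constructed for this model). */
struct device { const char *name; };
struct platform_device { struct device dev; };
struct pinctrl_dev { struct device *dev; };
struct k230_pinctrl { struct pinctrl_dev *pctl_dev; };

/* Pre-fix pattern: reaches the device through pctl_dev. While the
 * devicetree is being parsed pctl_dev is still NULL, so this load is
 * the faulting access. Only safe once registration has run. */
static struct device *parse_dev_prefix(struct k230_pinctrl *info)
{
    return info->pctl_dev->dev;
}

/* Post-fix pattern: take the device from platform_device, which is
 * valid from the first instruction of probe. */
static struct device *parse_dev_fixed(struct platform_device *pdev)
{
    return &pdev->dev;
}

struct probe_result {
    int pctl_null_at_parse;     /* 1 if pctl_dev was NULL during parsing */
    const char *parse_dev_name; /* device the parser actually used */
    int prefix_ok_after_reg;    /* 1 if the old path works after registration */
};

/* Models the probe order: parse the devicetree first, register second. */
static struct probe_result model_probe(struct platform_device *pdev)
{
    static struct pinctrl_dev pctl;
    struct k230_pinctrl info = { .pctl_dev = NULL };
    struct probe_result r = { 0, NULL, 0 };

    /* Step 1: devicetree parsing. pctl_dev has not been assigned yet. */
    r.pctl_null_at_parse = (info.pctl_dev == NULL);
    r.parse_dev_name = parse_dev_fixed(pdev)->name;

    /* Step 2: registration. Only now does pctl_dev become valid. */
    pctl.dev = &pdev->dev;
    info.pctl_dev = &pctl;
    r.prefix_ok_after_reg = (parse_dev_prefix(&info) == &pdev->dev);
    return r;
}
```

Calling parse_dev_prefix() in step 1 instead of parse_dev_fixed() reproduces the NULL dereference in this model, which is why the old access path only fails when it runs before registration.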