CVE-2026-53344 PUBLISHED

pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init

Assigner: Linux
Reserved: 09.06.2026 Published: 01.07.2026 Updated: 01.07.2026

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init

Regmap initialization triggers regcache_maple_populate() which attempts SPI read to populate cache. SPI read requires mcp->dev and mcp->addr to be set, without them, NULL pointer dereference occurs during probe.

Move initialization before mcp23s08_spi_regmap_init() call.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from f9f4fda15e720686f1b2b436591ab11255e4e85e to 3a13bb9540dfd7014c5601608afcbbadbbcfd673 (excl.)
  • affected from f9f4fda15e720686f1b2b436591ab11255e4e85e to 8473c3a197b57ff01396f7a2ec6ddf65383820d4 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.19 is affected
  • unaffected from 0 to 6.19 (excl.)
  • unaffected from 7.0.13 to 7.0.* (incl.)
  • unaffected from 7.1 to * (incl.)

References