CVE-2025-38654 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix order of DT parse and pinctrl register Move DT parse before pinctrl register. This ensures that device tree parsing is done before calling devm_pinctrl_register() to prevent using uninitialized pin resources.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/02c1deb1bff2b6d242e29a51e56107495979a2b8
https://git.kernel.org/stable/c/0ec03251d01494ef207089b5bd626becfd05fd86
https://git.kernel.org/stable/c/d94a32ac688f953dc9a9f12b5b4139ecad841bbb

History

Sat, 23 Aug 2025 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Fri, 22 Aug 2025 16:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix order of DT parse and pinctrl register Move DT parse before pinctrl register. This ensures that device tree parsing is done before calling devm_pinctrl_register() to prevent using uninitialized pin resources.
Title		pinctrl: canaan: k230: Fix order of DT parse and pinctrl register
References		https://git.kernel.org/stable/c/02c1deb1bff2b6d242e29a51e56107495979a2b8 https://git.kernel.org/stable/c/0ec03251d01494ef207089b5bd626becfd05fd86 https://git.kernel.org/stable/c/d94a32ac688f953dc9a9f12b5b4139ecad841bbb

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-08-22T16:00:58.153Z

Updated: 2025-08-22T16:00:58.153Z

Reserved: 2025-04-16T04:51:24.030Z

Link: CVE-2025-38654

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-08-22T16:15:40.357

Modified: 2025-08-22T18:08:51.663

Link: CVE-2025-38654

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38654", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.030Z", "datePublished": "2025-08-22T16:00:58.153Z", "dateUpdated": "2025-08-22T16:00:58.153Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-08-22T16:00:58.153Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: canaan: k230: Fix order of DT parse and pinctrl register\n\nMove DT parse before pinctrl register. This ensures that device tree\nparsing is done before calling devm_pinctrl_register() to prevent using\nuninitialized pin resources."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pinctrl/pinctrl-k230.c"], "versions": [{"version": "545887eab6f6776a7477fe7e83860eab57138b03", "lessThan": "02c1deb1bff2b6d242e29a51e56107495979a2b8", "status": "affected", "versionType": "git"}, {"version": "545887eab6f6776a7477fe7e83860eab57138b03", "lessThan": "0ec03251d01494ef207089b5bd626becfd05fd86", "status": "affected", "versionType": "git"}, {"version": "545887eab6f6776a7477fe7e83860eab57138b03", "lessThan": "d94a32ac688f953dc9a9f12b5b4139ecad841bbb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pinctrl/pinctrl-k230.c"], "versions": [{"version": "6.13", "status": "affected"}, {"version": "0", "lessThan": "6.13", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.10", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.1", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.15.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.16.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.17-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/02c1deb1bff2b6d242e29a51e56107495979a2b8"}, {"url": "https://git.kernel.org/stable/c/0ec03251d01494ef207089b5bd626becfd05fd86"}, {"url": "https://git.kernel.org/stable/c/d94a32ac688f953dc9a9f12b5b4139ecad841bbb"}], "title": "pinctrl: canaan: k230: Fix order of DT parse and pinctrl register", "x_generator": {"engine": "bippy-1.2.0"}}}}