fkie_cve-2025-40030
Vulnerability from fkie_nvd
Published
2025-10-28 12:15
Modified
2025-10-30 15:05
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmux_ops::get_function_name() While the API contract in docs doesn't specify it explicitly, the generic implementation of the get_function_name() callback from struct pinmux_ops - pinmux_generic_get_function_name() - can fail and return NULL. This is already checked in pinmux_check_ops() so add a similar check in pinmux_func_name_to_selector() instead of passing the returned pointer right down to strcmp() where the NULL can get dereferenced. This is normal operation when adding new pinfunctions.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1a2ea887a5cd7d47bab599f733d89444df018b1a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1a7fc8fed2bb2e113604fde7a45432ace2056b97
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4002ee98c022d671ecc1e4a84029e9ae7d8a5603
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/688c688e0bf55824f4a38f8c2180046f089a3e3b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b7e0535060a60cc99eafc19cc665d979714cd73a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ba7f7c2b2b3261e7def67018c38c69b626e0e66e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d77ef2f621cd1d605372c4c6ce667c496f6990c3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e7265dc4c670b89611bcf5fe33acf99bc0aa294f
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: check the return value of pinmux_ops::get_function_name()\n\nWhile the API contract in docs doesn\u0027t specify it explicitly, the\ngeneric implementation of the get_function_name() callback from struct\npinmux_ops - pinmux_generic_get_function_name() - can fail and return\nNULL. This is already checked in pinmux_check_ops() so add a similar\ncheck in pinmux_func_name_to_selector() instead of passing the returned\npointer right down to strcmp() where the NULL can get dereferenced. This\nis normal operation when adding new pinfunctions."
    }
  ],
  "id": "CVE-2025-40030",
  "lastModified": "2025-10-30T15:05:32.197",
  "metrics": {},
  "published": "2025-10-28T12:15:36.757",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1a2ea887a5cd7d47bab599f733d89444df018b1a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1a7fc8fed2bb2e113604fde7a45432ace2056b97"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4002ee98c022d671ecc1e4a84029e9ae7d8a5603"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/688c688e0bf55824f4a38f8c2180046f089a3e3b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b7e0535060a60cc99eafc19cc665d979714cd73a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ba7f7c2b2b3261e7def67018c38c69b626e0e66e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d77ef2f621cd1d605372c4c6ce667c496f6990c3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e7265dc4c670b89611bcf5fe33acf99bc0aa294f"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.