ghsa-8gxf-m4jm-cw42
Vulnerability from github
Published
2025-12-16 15:30
Modified
2025-12-16 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc

s32_pinctrl_desc is allocated with devm_kmalloc(), but not all of its fields are initialized. Notably, num_custom_params is used in pinconf_generic_parse_dt_config(), resulting in intermittent allocation errors, such as the following splat when probing i2c-imx:

    WARNING: CPU: 0 PID: 176 at mm/page_alloc.c:4795 __alloc_pages_noprof+0x290/0x300
    [...]
    Hardware name: NXP S32G3 Reference Design Board 3 (S32G-VNP-RDB3) (DT)
    [...]
    Call trace:
     __alloc_pages_noprof+0x290/0x300 (P)
     ___kmalloc_large_node+0x84/0x168
     __kmalloc_large_node_noprof+0x34/0x120
     __kmalloc_noprof+0x2ac/0x378
     pinconf_generic_parse_dt_config+0x68/0x1a0
     s32_dt_node_to_map+0x104/0x248
     dt_to_map_one_config+0x154/0x1d8
     pinctrl_dt_to_map+0x12c/0x280
     create_pinctrl+0x6c/0x270
     pinctrl_get+0xc0/0x170
     devm_pinctrl_get+0x50/0xa0
     pinctrl_bind_pins+0x60/0x2a0
     really_probe+0x60/0x3a0
    [...]
     __platform_driver_register+0x2c/0x40
     i2c_adap_imx_init+0x28/0xff8 [i2c_imx]
    [...]

This results in later parse failures that can cause issues in dependent drivers:

    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c0-pins/i2c0-grp0: could not parse node property
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c0-pins/i2c0-grp0: could not parse node property
    [...]
    pca953x 0-0022: failed writing register: -6
    i2c i2c-0: IMX I2C adapter registered
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c2-pins/i2c2-grp0: could not parse node property
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c2-pins/i2c2-grp0: could not parse node property
    i2c i2c-1: IMX I2C adapter registered
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c4-pins/i2c4-grp0: could not parse node property
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c4-pins/i2c4-grp0: could not parse node property
    i2c i2c-2: IMX I2C adapter registered

Fix this by initializing s32_pinctrl_desc with devm_kzalloc() instead of devm_kmalloc() in s32_pinctrl_probe(), which sets the previously uninitialized fields to zero.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-68222"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-16T14:15:55Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc\n\ns32_pinctrl_desc is allocated with devm_kmalloc(), but not all of its\nfields are initialized. Notably, num_custom_params is used in\npinconf_generic_parse_dt_config(), resulting in intermittent allocation\nerrors, such as the following splat when probing i2c-imx:\n\n        WARNING: CPU: 0 PID: 176 at mm/page_alloc.c:4795 __alloc_pages_noprof+0x290/0x300\n        [...]\n        Hardware name: NXP S32G3 Reference Design Board 3 (S32G-VNP-RDB3) (DT)\n        [...]\n        Call trace:\n         __alloc_pages_noprof+0x290/0x300 (P)\n         ___kmalloc_large_node+0x84/0x168\n         __kmalloc_large_node_noprof+0x34/0x120\n         __kmalloc_noprof+0x2ac/0x378\n         pinconf_generic_parse_dt_config+0x68/0x1a0\n         s32_dt_node_to_map+0x104/0x248\n         dt_to_map_one_config+0x154/0x1d8\n         pinctrl_dt_to_map+0x12c/0x280\n         create_pinctrl+0x6c/0x270\n         pinctrl_get+0xc0/0x170\n         devm_pinctrl_get+0x50/0xa0\n         pinctrl_bind_pins+0x60/0x2a0\n         really_probe+0x60/0x3a0\n        [...]\n         __platform_driver_register+0x2c/0x40\n         i2c_adap_imx_init+0x28/0xff8 [i2c_imx]\n        [...]\n\nThis results in later parse failures that can cause issues in dependent\ndrivers:\n\n        s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c0-pins/i2c0-grp0: could not parse node property\n        s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c0-pins/i2c0-grp0: could not parse node property\n        [...]\n        pca953x 0-0022: failed writing register: -6\n        i2c i2c-0: IMX I2C adapter registered\n        s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c2-pins/i2c2-grp0: could not parse node property\n        s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c2-pins/i2c2-grp0: could not parse node property\n        i2c i2c-1: IMX I2C adapter registered\n        s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c4-pins/i2c4-grp0: could not parse node property\n        s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c4-pins/i2c4-grp0: could not parse node property\n        i2c i2c-2: IMX I2C adapter registered\n\nFix this by initializing s32_pinctrl_desc with devm_kzalloc() instead of\ndevm_kmalloc() in s32_pinctrl_probe(), which sets the previously\nuninitialized fields to zero.",
  "id": "GHSA-8gxf-m4jm-cw42",
  "modified": "2025-12-16T15:30:46Z",
  "published": "2025-12-16T15:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68222"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b90bd8aaeb21b513ecc4ed03299e80ece44a333"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/583ac7f65791ceda38ea1a493a4859f7161dcb03"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7bbdd6c30e8fd92f7165b7730b038cfe42102004"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/97ea34defbb57bfaf71ce487b1b0865ffd186e81"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.