What is the severity of CVE-2025-68222?

CVE-2025-68222 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2025-68222?

No known public exploits are currently available for CVE-2025-68222.

Is there a patch available for CVE-2025-68222?

Yes, patches are available for CVE-2025-68222. Check the vendor advisories for update instructions.

CVE-2025-68222 - CVE Details, Severity, and Analysis

Published: February 3, 2026

Last updated:15 hours ago (February 3, 2026)

Updated February 3, 2026

no major risk factors

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc

s32_pinctrl_desc is allocated with devm_kmalloc(), but not all of its fields are initialized. Notably, num_custom_params is used in pinconf_generic_parse_dt_config(), resulting in intermittent allocation errors, such as the following splat when probing i2c-imx:

    WARNING: CPU: 0 PID: 176 at mm/page_alloc.c:4795 __alloc_pages_noprof+0x290/0x300
    [...]
    Hardware name: NXP S32G3 Reference Design Board 3 (S32G-VNP-RDB3) (DT)
    [...]
    Call trace:
     __alloc_pages_noprof+0x290/0x300 (P)
     ___kmalloc_large_node+0x84/0x168
     __kmalloc_large_node_noprof+0x34/0x120
     __kmalloc_noprof+0x2ac/0x378
     pinconf_generic_parse_dt_config+0x68/0x1a0
     s32_dt_node_to_map+0x104/0x248
     dt_to_map_one_config+0x154/0x1d8
     pinctrl_dt_to_map+0x12c/0x280
     create_pinctrl+0x6c/0x270
     pinctrl_get+0xc0/0x170
     devm_pinctrl_get+0x50/0xa0
     pinctrl_bind_pins+0x60/0x2a0
     really_probe+0x60/0x3a0
    [...]
     __platform_driver_register+0x2c/0x40
     i2c_adap_imx_init+0x28/0xff8 [i2c_imx]
    [...]

This results in later parse failures that can cause issues in dependent drivers:

    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c0-pins/i2c0-grp0: could not parse node property
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c0-pins/i2c0-grp0: could not parse node property
    [...]
    pca953x 0-0022: failed writing register: -6
    i2c i2c-0: IMX I2C adapter registered
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c2-pins/i2c2-grp0: could not parse node property
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c2-pins/i2c2-grp0: could not parse node property
    i2c i2c-1: IMX I2C adapter registered
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c4-pins/i2c4-grp0: could not parse node property
    s32g-siul2-pinctrl 4009c240.pinctrl: /soc@0/pinctrl@4009c240/i2c4-pins/i2c4-grp0: could not parse node property
    i2c i2c-2: IMX I2C adapter registered

Fix this by initializing s32_pinctrl_desc with devm_kzalloc() instead of devm_kmalloc() in s32_pinctrl_probe(), which sets the previously uninitialized fields to zero.

Strobes VI. (2026). CVE-2025-68222 - CVE Details and Analysis. Strobes VI. Retrieved February 3, 2026, from https://vi.strobes.co/cve/CVE-2025-68222