CVE-2025-38266: 
Linux Ubuntu vulnerability analysis and mitigation

A vulnerability was discovered in the Linux kernel related to invalid pointer dereferencing in the pinctrl MediaTek EINT driver. The issue was introduced by commit 3ef9f710efcb which added EINT support for multiple addresses, affecting v1 platforms. The vulnerability was discovered on July 10, 2025, and impacts systems using the MediaTek pinctrl driver, particularly observed on Genio 350 EVK (MT8365) devices (NVD CVE).

The vulnerability stems from an access to the 'soc' field of struct mtkpinctrl in mtkeintdoinit() function, which includes pinctrl-mtk-common-v2.h. However, pinctrl drivers using the v1 common driver include pinctrl-mtk-common.h instead, which has a different definition of struct mtkpinctrl without the 'soc' field. This mismatch causes an invalid pointer dereference when mtkeintdoinit() is called on v1 platforms, resulting in system crashes early in the boot process that are only visible with earlycon (NVD CVE).

The vulnerability causes system crashes very early in the boot process on affected v1 platforms, particularly observed on Genio 350 EVK (MT8365) devices. The crash occurs due to invalid pointer dereferencing, which can prevent the system from properly booting (NVD CVE).

The issue has been resolved by modifying the mtkeintdoinit() function to accept 'struct mtkeintpin' as a parameter instead of relying on the struct mtkpinctrl. This change removes the dependency on any particular struct mtk_pinctrl definition, effectively fixing the invalid pointer dereference issue (NVD CVE).