CVE-2026-53237— gpio: mvebu: fix NULL pointer dereference in suspend/resume
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-53237
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
gpio: mvebu: fix NULL pointer dereference in suspend/resume
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer dereference in suspend/resume mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have mvchip->mvpwm set to NULL. Calling mvebu_pwm_suspend() with mvpwm == NULL causes a NULL pointer dereference when it tries to access mvpwm->blink_select. Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write [00000020] *pgd=00000000 Internal error: Oops: 815 [#1] PREEMPT ARM Modules linked in: CPU: 0 UID: 0 PID: 406 Comm: sh Not tainted 6.12.74-rt12-yocto-standard-g4e96f98fb7db-dirty #353 Hardware name: Marvell Armada 370/XP (Device Tree) PC is at regmap_mmio_read+0x38/0x54 LR is at regmap_mmio_read+0x38/0x54 pc : [<c05fd2ac>] lr : [<c05fd2ac>] psr: 200f0013 sp : f0c11d10 ip : 00000000 fp : c100d2f0 r10: c14fb854 r9 : 00000000 r8 : 00000000 r7 : c1799c00 r6 : 00000020 r5 : 00000020 r4 : c179c7c0 r3 : f0a231a0 r2 : 00000020 r1 : 00000020 r0 : 00000000 Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: 135ec059 DAC: 00000051 Call trace: regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac _regmap_bus_reg_read from _regmap_read+0x60/0x154 _regmap_read from regmap_read+0x3c/0x60 regmap_read from mvebu_gpio_suspend+0xa4/0x14c mvebu_gpio_suspend from dpm_run_callback+0x54/0x180 dpm_run_callback from device_suspend+0x124/0x630 device_suspend from dpm_suspend+0x124/0x270 dpm_suspend from dpm_suspend_start+0x64/0x6c dpm_suspend_start from suspend_devices_and_enter+0x140/0x8e8 suspend_devices_and_enter from pm_suspend+0x2fc/0x308 pm_suspend from state_store+0x6c/0xc8 state_store from kernfs_fop_write_iter+0x10c/0x1f8 kernfs_fop_write_iter from vfs_write+0x270/0x468 vfs_write from ksys_write+0x70/0xf0 ksys_write from ret_fast_syscall+0x0/0x54 Add a NULL check for mvchip->mvpwm before calling the PWM suspend/resume functions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-53237
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-53237
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-53237 (3)
Other References for CVE-2026-53237 (2)
Same Patch Batch · Linux · 2026-06-25 · 147 CVEs total
| CVE-2026-53185 | zram: fix use-after-free in zram_bvec_write_partial() | |
| CVE-2026-53167 | fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios | |
| CVE-2026-53168 | fuse: reject fuse_notify() pagecache ops on directories | |
| CVE-2026-53169 | accel/ethosu: reject NPU_OP_RESIZE commands from userspace | |
| CVE-2026-53171 | accel/ethosu: fix arithmetic issues in dma_length() | |
| CVE-2026-53170 | accel/ethosu: reject DMA commands with uninitialized length | |
| CVE-2026-53172 | accel/ethosu: fix IFM region index out-of-bounds in command stream parser | |
| CVE-2026-53174 | ovl: keep err zero after successful ovl_cache_get() | |
| CVE-2026-53173 | accel/ethosu: fix OOB write in ethosu_gem_cmdstream_copy_and_validate() | |
| CVE-2026-53175 | inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush | |
| CVE-2026-53177 | bnxt_en: Fix NULL pointer dereference | |
| CVE-2026-53176 | IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN | |
| CVE-2026-53178 | staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction | |
| CVE-2026-53180 | timers/migration: Fix livelock in tmigr_handle_remote_up() | |
| CVE-2026-53179 | staging: rtl8723bs: fix buffer over-read in rtw_update_protection | |
| CVE-2026-53181 | vsock/vmci: fix sk_ack_backlog leak on failed handshake | |
| CVE-2026-53182 | wifi: nl80211: reject oversized EMA RNR lists | |
| CVE-2026-53183 | mptcp: allow subflow rcv wnd to shrink | |
| CVE-2026-53184 | udp: clear skb->dev before running a sockmap verdict | |
| CVE-2026-53196 | USB: serial: io_ti: fix heap overflow in get_manuf_info() |
Showing top 20 of 147 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-53277
KVM: arm64: Take the SRCU lock for page table walks in fault - CVE-2026-53276
Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer - CVE-2026-53275
ipv6: mcast: Fix use-after-free when processing MLD queries - CVE-2026-53274
net/smc: fix sleep-inside-lock in __smc_setsockopt() causing - CVE-2026-53273
tee: optee: prevent use-after-free when the client exits bef
Same vendor: Linux
- CVE-2026-53277
KVM: arm64: Take the SRCU lock for page table walks in fault - CVE-2026-53276
Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer - CVE-2026-53275
ipv6: mcast: Fix use-after-free when processing MLD queries - CVE-2026-53274
net/smc: fix sleep-inside-lock in __smc_setsockopt() causing - CVE-2026-53273
tee: optee: prevent use-after-free when the client exits bef
V. Comments for CVE-2026-53237
No comments yet