Skip to main content

Linux Kernel CVE-2026-53152

| EUVDEUVD-2026-39243 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-25 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-38rg-2rjc-3rmj
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local vector confirmed by driver/hardware scope; PR:L reflects that a logged-in session or boot context is needed; no C or I impact applies.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 06, 2026 - 17:55 vuln.today
CVSS changed
Jul 06, 2026 - 17:52 NVD
5.5 (MEDIUM)
Patch available
Jun 25, 2026 - 10:32 EUVD
CVE Published
Jun 25, 2026 - 09:16 nvd
MEDIUM 5.5
CVE Published
Jun 25, 2026 - 09:16 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

mmc: dw_mmc-rockchip: Add missing private data for very old controllers

The really old controllers (rk2928, rk3066, rk3188) do not support UHS speeds at all, and thus never handled phase data.

For that reason it never had a parse_dt callback and no driver private data at all.

Commit ff6f0286c896 ("mmc: dw_mmc-rockchip: Add memory clock auto-gating support") makes the private data sort of mandatory, because the init function checks whether phases are configured internally or through the clock controller.

This results in the old SoCs then experiencing NULL-pointer dereferences when they try to access that private-data struct.

While we could have if (priv) conditionals in all places, it's way less cluttery to just give the old types their private-data struct.

AnalysisAI

NULL pointer dereference in the Linux kernel's dw_mmc-rockchip MMC driver triggers kernel panics on systems running legacy Rockchip SoCs (rk2928, rk3066, rk3188) when the MMC subsystem initializes. Commit ff6f0286c896 introduced a mandatory private-data access path that was never populated for these old controllers - which historically had no UHS support and no parse_dt callback - causing a reproducible kernel crash on affected hardware. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Boot or load MMC module on rk2928/rk3066/rk3188 hardware
Delivery
dw_mmc-rockchip init function executes
Exploit
Driver dereferences uninitialized NULL private data pointer
Execution
Kernel NULL pointer dereference (CWE-476)
Impact
Kernel panic and system crash (DoS)

Vulnerability AssessmentAI

Exploitation Two simultaneous conditions are required: (1) the target system must be physically equipped with one of exactly three legacy Rockchip SoC variants - rk2928, rk3066, or rk3188 - as the NULL dereference is specific to the code path for these controller types that lack UHS support; and (2) the running kernel must include commit ff6f0286c896 but not the fix commits, corresponding to kernel versions 6.12.78-6.12.93, 6.18.19-6.18.35, 7.0.x prior to 7.0.13, or 7.1 RC1-RC6. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is low despite the kernel-crash impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A system boots on legacy Rockchip rk2928, rk3066, or rk3188 hardware running an affected kernel version; during MMC subsystem initialization, the dw_mmc-rockchip driver's init function dereferences the NULL private data pointer when checking memory clock auto-gating configuration, triggering an immediate kernel panic. The crash is deterministic and reproducible on every boot of affected hardware - no user interaction, network access, or special privileges beyond system startup are needed. …
Remediation Upgrade the Linux kernel to a patched stable release: 6.12.94 or later for the 6.12.x longterm branch, 6.18.36 or later for the 6.18.x branch, 7.0.13 or later for the 7.0.x branch, or the final 7.1 release for the 7.1 RC series. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53152 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy