Skip to main content

Linux Kernel CVE-2026-53237

| EUVDEUVD-2026-39328 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-25 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-6v4w-qf8x-8hjm
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local vector because suspend must be triggered by a logged-in user; PR:L since writing to /sys/power/state requires at minimum low privilege; availability-only impact as the result is a kernel crash with no data exposure.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 08, 2026 - 13:28 vuln.today
CVSS changed
Jul 08, 2026 - 13:22 NVD
5.5 (MEDIUM)
Patch available
Jun 25, 2026 - 10:32 EUVD
CVE Published
Jun 25, 2026 - 09:16 nvd
MEDIUM 5.5
CVE Published
Jun 25, 2026 - 09:16 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

gpio: mvebu: fix NULL pointer dereference in suspend/resume

mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have mvchip->mvpwm set to NULL.

Calling mvebu_pwm_suspend() with mvpwm == NULL causes a NULL pointer dereference when it tries to access mvpwm->blink_select.

Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write [00000020] *pgd=00000000 Internal error: Oops: 815 [#1] PREEMPT ARM Modules linked in: CPU: 0 UID: 0 PID: 406 Comm: sh Not tainted 6.12.74-rt12-yocto-standard-g4e96f98fb7db-dirty #353 Hardware name: Marvell Armada 370/XP (Device Tree) PC is at regmap_mmio_read+0x38/0x54 LR is at regmap_mmio_read+0x38/0x54 pc : [<c05fd2ac>] lr : [<c05fd2ac>] psr: 200f0013 sp : f0c11d10 ip : 00000000 fp : c100d2f0 r10: c14fb854 r9 : 00000000 r8 : 00000000 r7 : c1799c00 r6 : 00000020 r5 : 00000020 r4 : c179c7c0 r3 : f0a231a0 r2 : 00000020 r1 : 00000020 r0 : 00000000 Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: 135ec059 DAC: 00000051 Call trace: regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac _regmap_bus_reg_read from _regmap_read+0x60/0x154 _regmap_read from regmap_read+0x3c/0x60 regmap_read from mvebu_gpio_suspend+0xa4/0x14c mvebu_gpio_suspend from dpm_run_callback+0x54/0x180 dpm_run_callback from device_suspend+0x124/0x630 device_suspend from dpm_suspend+0x124/0x270 dpm_suspend from dpm_suspend_start+0x64/0x6c dpm_suspend_start from suspend_devices_and_enter+0x140/0x8e8 suspend_devices_and_enter from pm_suspend+0x2fc/0x308 pm_suspend from state_store+0x6c/0xc8 state_store from kernfs_fop_write_iter+0x10c/0x1f8 kernfs_fop_write_iter from vfs_write+0x270/0x468 vfs_write from ksys_write+0x70/0xf0 ksys_write from ret_fast_syscall+0x0/0x54

Add a NULL check for mvchip->mvpwm before calling the PWM suspend/resume functions.

AnalysisAI

NULL pointer dereference in the Linux kernel's Marvell EBU GPIO driver (gpio/mvebu) causes a kernel oops and system crash during suspend/resume operations on Marvell Armada ARM platforms. The flaw affects all stable kernel branches from 4.12 onward where mvebu_pwm_suspend() and mvebu_pwm_resume() are unconditionally invoked for every GPIO bank, including those where mvchip->mvpwm is NULL due to absent PWM hardware. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local authenticated access to Marvell Armada system
Delivery
Write suspend trigger to /sys/power/state
Exploit
dpm_suspend_start iterates GPIO bank callbacks
Execution
mvebu_gpio_suspend calls mvebu_pwm_suspend on NULL-mvpwm bank
Persist
NULL pointer dereference at regmap_mmio_read
Impact
Kernel oops crashes system

Vulnerability AssessmentAI

Exploitation Exploitation requires local authenticated access with privileges sufficient to write to /sys/power/state (typically root or a user in the power management group). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is low despite a CVSS 3.1 score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated local user on a Marvell Armada-based embedded Linux device (such as an IoT gateway or NAS appliance) writes 'mem' or 'freeze' to /sys/power/state to initiate a suspend cycle. The kernel's device power management framework iterates all GPIO banks via mvebu_gpio_suspend, calling mvebu_pwm_suspend() for a bank whose mvchip->mvpwm is NULL. …
Remediation The primary fix is upgrading to a patched kernel stable release: 6.6.143, 6.12.94, 7.0.13, 7.1, or 6.18.36 per EUVD-confirmed patch versions. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53237 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy