CVE-2026-53152
Received Received - Intake
NULL Pointer Dereference in Linux Kernel dw_mmc-rockchip Driver

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers The really old controllers (rk2928, rk3066, rk3188) do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse_dt callback and no driver private data at all. Commit ff6f0286c896 ("mmc: dw_mmc-rockchip: Add memory clock auto-gating support") makes the private data sort of mandatory, because the init function checks whether phases are configured internally or through the clock controller. This results in the old SoCs then experiencing NULL-pointer dereferences when they try to access that private-data struct. While we could have if (priv) conditionals in all places, it's way less cluttery to just give the old types their private-data struct.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-53152
EUVD
EUVD-2026-39243
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's MMC driver for very old Rockchip controllers (rk2928, rk3066, rk3188). These old controllers do not support UHS speeds and never handled phase data, so they lacked a parse_dt callback and driver private data.

A recent commit made the private data mandatory because the initialization function checks if phases are configured internally or through the clock controller. Since the old SoCs did not have this private data, attempts to access it caused NULL-pointer dereferences.

The fix was to add the missing private data for these old controllers to prevent the NULL-pointer dereference errors.

Impact Analysis

This vulnerability can cause NULL-pointer dereferences in the Linux kernel when the old Rockchip controllers attempt to access missing private data. Such dereferences can lead to kernel crashes or system instability.

If your system uses one of these very old Rockchip SoCs with the affected MMC driver, it may experience unexpected crashes or failures related to MMC operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53152. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart