CVE-2026-53237
Received - Intake
NULL Pointer Dereference in Linux Kernel mvebu GPIO Driver

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

gpio: mvebu: fix NULL pointer dereference in suspend/resume

mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have mvchip->mvpwm set to NULL.

Calling mvebu_pwm_suspend() with mvpwm == NULL causes a NULL pointer dereference when it tries to access mvpwm->blink_select.

    Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write
    [00000020] *pgd=00000000
    Internal error: Oops: 815 [#1] PREEMPT ARM
    Modules linked in:
    CPU: 0 UID: 0 PID: 406 Comm: sh Not tainted 6.12.74-rt12-yocto-standard-g4e96f98fb7db-dirty #353
    Hardware name: Marvell Armada 370/XP (Device Tree)
    PC is at regmap_mmio_read+0x38/0x54
    LR is at regmap_mmio_read+0x38/0x54
    pc : [<c05fd2ac>] lr : [<c05fd2ac>] psr: 200f0013
    sp : f0c11d10 ip : 00000000 fp : c100d2f0
    r10: c14fb854 r9 : 00000000 r8 : 00000000
    r7 : c1799c00 r6 : 00000020 r5 : 00000020 r4 : c179c7c0
    r3 : f0a231a0 r2 : 00000020 r1 : 00000020 r0 : 00000000
    Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
    Control: 10c5387d Table: 135ec059 DAC: 00000051
    Call trace:
     regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac
     _regmap_bus_reg_read from _regmap_read+0x60/0x154
     _regmap_read from regmap_read+0x3c/0x60
     regmap_read from mvebu_gpio_suspend+0xa4/0x14c
     mvebu_gpio_suspend from dpm_run_callback+0x54/0x180
     dpm_run_callback from device_suspend+0x124/0x630
     device_suspend from dpm_suspend+0x124/0x270
     dpm_suspend from dpm_suspend_start+0x64/0x6c
     dpm_suspend_start from suspend_devices_and_enter+0x140/0x8e8
     suspend_devices_and_enter from pm_suspend+0x2fc/0x308
     pm_suspend from state_store+0x6c/0xc8
     state_store from kernfs_fop_write_iter+0x10c/0x1f8
     kernfs_fop_write_iter from vfs_write+0x270/0x468
     vfs_write from ksys_write+0x70/0xf0
     ksys_write from ret_fast_syscall+0x0/0x54

Add a NULL check for mvchip->mvpwm before calling the PWM suspend/resume functions.

Meta Information

Published: 2026-06-25
Last Modified: 2026-06-25
Generated: 2026-06-25
AI Q&A: 2026-06-25
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor   Product  Version / Range
marvell  mvebu    *

CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's handling of GPIO banks on Marvell mvebu platforms. Specifically, during system suspend or resume, functions mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO banks. However, not all GPIO banks have PWM (Pulse Width Modulation) functionality, and for those without PWM, the pointer mvchip->mvpwm is set to NULL.

The vulnerability occurs because the code calls mvebu_pwm_suspend() without checking if mvchip->mvpwm is NULL. When mvpwm is NULL, the function tries to access mvpwm->blink_select, causing a NULL pointer dereference and leading to a kernel crash (an 'Oops' error).

The fix involves adding a NULL check for mvchip->mvpwm before calling the PWM suspend/resume functions to prevent this dereference.

Impact Analysis

This vulnerability can cause the Linux kernel to crash during system suspend or resume operations on affected hardware. The NULL pointer dereference leads to an internal kernel error, which can result in system instability, unexpected reboots, or denial of service.

Such crashes can disrupt normal device operation, potentially causing data loss or requiring manual intervention to restore system functionality.

Detection Guidance

This vulnerability manifests as a NULL pointer dereference in the Linux kernel during suspend/resume operations on Marvell mvebu GPIO banks without PWM functionality.

Detection can be done by monitoring kernel logs for error messages indicating a NULL pointer dereference related to mvebu_pwm_suspend or mvebu_pwm_resume functions.

  • Check kernel logs for Oops or panic messages using: dmesg | grep -i 'NULL pointer dereference'
  • Look specifically for messages referencing mvebu_pwm_suspend, mvebu_pwm_resume, or regmap_mmio_read.
  • Monitor system suspend/resume events for crashes or kernel panics.
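
The grep above matches any NULL pointer dereference. As an added example (not part of the advisory), this script counts only the Oops reports whose call trace passes through the mvebu suspend/resume path. The log lines and the example_driver_* names are constructed, and mvebu_gpio_resume is assumed by symmetry with the mvebu_gpio_suspend frame in the trace above.

```shell
# Added example (not from the advisory). The log lines below are constructed.
# count_mvebu_oops FILE: print how many NULL-dereference Oops reports in FILE
# have a call trace that passes through the mvebu GPIO/PWM suspend/resume path.
count_mvebu_oops() {
    awk '
        # Start of a new report; close out any report still open.
        /Unable to handle kernel NULL pointer dereference/ {
            if (in_oops && hit) n++
            in_oops = 1; hit = 0
            next
        }
        # mvebu_pwm_* are the symbols the advisory names; mvebu_gpio_suspend is
        # the caller in its trace, mvebu_gpio_resume is assumed by symmetry.
        in_oops && /mvebu_(pwm|gpio)_(suspend|resume)/ { hit = 1 }
        # The kernel ends each report with an "end trace" marker.
        in_oops && /---\[ end trace/ { if (hit) n++; in_oops = 0; hit = 0 }
        END { if (in_oops && hit) n++; print n + 0 }
    ' "$1"
}

# write_sample_log FILE: constructed input with one unrelated Oops and one
# that matches the signature described in the advisory.
write_sample_log() {
    cat > "$1" <<'EOF'
[  101.000000] Unable to handle kernel NULL pointer dereference at virtual address 00000010 when read
[  101.000100] PC is at example_driver_poll+0x10/0x40
[  101.000200] Call trace:
[  101.000300]  example_driver_poll from example_work+0x20/0x60
[  101.000400] ---[ end trace 0000000000000000 ]---
[  202.000000] PM: suspend entry (deep)
[  202.100000] Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write
[  202.100100] PC is at regmap_mmio_read+0x38/0x54
[  202.100200] Call trace:
[  202.100300]  regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac
[  202.100400]  regmap_read from mvebu_gpio_suspend+0xa4/0x14c
[  202.100500]  mvebu_gpio_suspend from dpm_run_callback+0x54/0x180
[  202.100600] ---[ end trace 0000000000000000 ]---
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
echo "mvebu suspend/resume Oops reports: $(count_mvebu_oops "$sample")"
rm -f "$sample"
```

On a live system, save the kernel log to a file first (for example the output of dmesg) and pass that file to count_mvebu_oops.
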
Mitigation Strategies

The vulnerability is fixed by adding a NULL check for mvchip->mvpwm before calling PWM suspend/resume functions.

Immediate mitigation steps include:

  • Update the Linux kernel to a version that includes the fix for this vulnerability (post 6.12.74-rt12 or the patch that adds the NULL check).
  • Avoid suspending or resuming GPIO banks that do not have PWM functionality until the fix is applied.
  • Monitor system logs for related errors and avoid triggering suspend/resume cycles if possible.