Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-53237— gpio: mvebu: fix NULL pointer dereference in suspend/resume

AI Predicted 4.4 Difficulty: Moderate EPSS 0.13% · P3

Possible ATT&CK Techniques 1AI

T1499 · Endpoint Denial of Service

Affected Version Matrix 12

VendorProductVersion RangeStatus
LinuxLinux757642f9a584e893f3f4e50c99b674ee8a3ed363< 7db09011ce62162d72897fc4856b4425245dfe35affected
757642f9a584e893f3f4e50c99b674ee8a3ed363< 4ef24338eda3c7e96d6f94a988266ff16ed3985daffected
757642f9a584e893f3f4e50c99b674ee8a3ed363< 6136c1474db88272231573e222896e1998d34662affected
757642f9a584e893f3f4e50c99b674ee8a3ed363< c9677a9274ffb44987ec209dc8ec9f2d34946956affected
757642f9a584e893f3f4e50c99b674ee8a3ed363< b9ad50d7505ebd48282ec3630258dc820fc85c81affected
4.12affected
< 4.12unaffected
6.6.143≤ 6.6.*unaffected
… +4 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53237

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
gpio: mvebu: fix NULL pointer dereference in suspend/resume
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer dereference in suspend/resume mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have mvchip->mvpwm set to NULL. Calling mvebu_pwm_suspend() with mvpwm == NULL causes a NULL pointer dereference when it tries to access mvpwm->blink_select. Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write [00000020] *pgd=00000000 Internal error: Oops: 815 [#1] PREEMPT ARM Modules linked in: CPU: 0 UID: 0 PID: 406 Comm: sh Not tainted 6.12.74-rt12-yocto-standard-g4e96f98fb7db-dirty #353 Hardware name: Marvell Armada 370/XP (Device Tree) PC is at regmap_mmio_read+0x38/0x54 LR is at regmap_mmio_read+0x38/0x54 pc : [<c05fd2ac>] lr : [<c05fd2ac>] psr: 200f0013 sp : f0c11d10 ip : 00000000 fp : c100d2f0 r10: c14fb854 r9 : 00000000 r8 : 00000000 r7 : c1799c00 r6 : 00000020 r5 : 00000020 r4 : c179c7c0 r3 : f0a231a0 r2 : 00000020 r1 : 00000020 r0 : 00000000 Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: 135ec059 DAC: 00000051 Call trace: regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac _regmap_bus_reg_read from _regmap_read+0x60/0x154 _regmap_read from regmap_read+0x3c/0x60 regmap_read from mvebu_gpio_suspend+0xa4/0x14c mvebu_gpio_suspend from dpm_run_callback+0x54/0x180 dpm_run_callback from device_suspend+0x124/0x630 device_suspend from dpm_suspend+0x124/0x270 dpm_suspend from dpm_suspend_start+0x64/0x6c dpm_suspend_start from suspend_devices_and_enter+0x140/0x8e8 suspend_devices_and_enter from pm_suspend+0x2fc/0x308 pm_suspend from state_store+0x6c/0xc8 state_store from kernfs_fop_write_iter+0x10c/0x1f8 kernfs_fop_write_iter from vfs_write+0x270/0x468 vfs_write from ksys_write+0x70/0xf0 ksys_write from ret_fast_syscall+0x0/0x54 Add a NULL check for mvchip->mvpwm before calling the PWM suspend/resume functions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会开源的操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于在挂起/恢复过程中mvchip->mvpwm为空指针,导致访问mvpwm->blink_select时触发空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 757642f9a584e893f3f4e50c99b674ee8a3ed363 ~ 7db09011ce62162d72897fc4856b4425245dfe35 -
LinuxLinux 4.12 -

II. Public POCs for CVE-2026-53237

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53237

登录查看更多情报信息。

Patches & Fixes for CVE-2026-53237 (5)

Same Patch Batch · Linux · 2026-06-25 · 146 CVEs total

CVE-2026-531759.8 CRITICALinet: frags: fix use-after-free caused by the fqdir_pre_exit() flush
CVE-2026-531769.8 CRITICALIB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
CVE-2026-532289.8 CRITICALipv6: sit: reload inner IPv6 header after GSO offloads
CVE-2026-532219.8 CRITICALip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()
CVE-2026-532469.8 CRITICALsctp: validate cached peer INIT chunk length in COOKIE_ECHO processing
CVE-2026-532479.8 CRITICALnet: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown
CVE-2026-531519.8 CRITICALrxrpc: Fix the ACK parser to extract the SACK table for parsing
CVE-2026-532609.8 CRITICALtcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req().
CVE-2026-532169.8 CRITICALnet: mvpp2: limit XDP frame size to the RX buffer
CVE-2026-532159.8 CRITICALnet: mvpp2: refill RX buffers before XDP or skb use
CVE-2026-531319.4 CRITICALnetfilter: require Ethernet MAC header before using eth_hdr()
CVE-2026-532259.1 CRITICALsctp: fix uninit-value in __sctp_rcv_asconf_lookup()
CVE-2026-532249.1 CRITICALsctp: validate embedded INIT chunk and address list lengths in cookie
CVE-2026-531869.1 CRITICALRDMA/srp: bound SRP_RSP sense copy by the received length
CVE-2026-532488.8 HIGHnet: airoha: Fix use-after-free in metadata dst teardown
CVE-2026-531988.8 HIGHksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL
CVE-2026-532758.8 HIGHipv6: mcast: Fix use-after-free when processing MLD queries
CVE-2026-532408.8 HIGHxfrm: iptfs: fix use-after-free on first_skb in __input_process_payload
CVE-2026-531888.8 HIGHRDMA/core: Validate the passed in fops for ib_get_ucaps()
CVE-2026-531718.8 HIGHaccel/ethosu: fix arithmetic issues in dma_length()

Showing top 20 of 146 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-53237

No comments yet


Leave a comment