SB20260626196 - NULL pointer dereference in Linux kernel mmc host driver



SB20260626196 - NULL pointer dereference in Linux kernel mmc host driver

Published: June 26, 2026

Security Bulletin ID SB20260626196
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) NULL pointer dereference (CVE-ID: CVE-2026-53152)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a NULL-pointer dereference in the dw_mmc-rockchip driver when initializing very old Rockchip MMC controllers. A local user can trigger initialization of an affected controller to cause a denial of service.

The issue affects rk2928, rk3066, and rk3188 controllers that do not support UHS speeds and therefore lacked driver private data for phase handling.


Remediation

Install update from vendor's website.