SB2026062693 - NULL pointer dereference in Linux kernel gpio driver
Published: June 26, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2026-53237)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the mvebu GPIO suspend/resume handling in drivers/gpio/gpio-mvebu.c when processing suspend and resume operations for GPIO banks without PWM functionality. A local user can trigger a suspend or resume operation to cause a denial of service.
Only GPIO banks that do not have PWM functionality are affected.
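The bug class described above, as an added example: a simplified user-space model, not code from drivers/gpio/gpio-mvebu.c or from the referenced fixes. All struct, field and function names are hypothetical. It contrasts a suspend path that assumes every bank carries PWM state with guarded suspend/resume paths that skip the PWM step when the bank has none.

```c
#include <stdint.h>

/* Constructed user-space model; every name here is hypothetical. */
struct pwm_block { uint32_t ctrl, saved_ctrl; };
struct gpio_bank {
    uint32_t out, saved_out;
    struct pwm_block *pwm;      /* NULL for a bank without PWM */
};

/* Unguarded pattern: assumes every bank has PWM state. With pwm == NULL
 * this is the CWE-476 dereference. Shown for contrast; never called. */
void bank_suspend_unguarded(struct gpio_bank *b)
{
    b->saved_out = b->out;
    b->pwm->saved_ctrl = b->pwm->ctrl;
}

/* Guarded suspend: PWM state is saved only when the bank has a PWM block.
 * Returns the number of state blocks saved. */
int bank_suspend(struct gpio_bank *b)
{
    b->saved_out = b->out;
    if (b->pwm)
        b->pwm->saved_ctrl = b->pwm->ctrl;
    return b->pwm ? 2 : 1;
}

/* Guarded resume mirrors the same check. Returns blocks restored. */
int bank_resume(struct gpio_bank *b)
{
    b->out = b->saved_out;
    if (b->pwm)
        b->pwm->ctrl = b->pwm->saved_ctrl;
    return b->pwm ? 2 : 1;
}

/* Suspend, clear the live state, resume; returns 1 if state round-trips. */
int roundtrip_ok(struct gpio_bank *b)
{
    uint32_t out = b->out, ctrl = b->pwm ? b->pwm->ctrl : 0;
    int n = bank_suspend(b);
    b->out = 0;
    if (b->pwm) b->pwm->ctrl = 0;
    return bank_resume(b) == n && b->out == out && (!b->pwm || b->pwm->ctrl == ctrl);
}
int main(void)
{
    struct gpio_bank plain = { .out = 0xA5 };   /* constructed: no PWM */
    return roundtrip_ok(&plain) ? 0 : 1;
}
```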
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/4ef24338eda3c7e96d6f94a988266ff16ed3985d
- https://git.kernel.org/stable/c/6136c1474db88272231573e222896e1998d34662
- https://git.kernel.org/stable/c/7db09011ce62162d72897fc4856b4425245dfe35
- https://git.kernel.org/stable/c/b9ad50d7505ebd48282ec3630258dc820fc85c81
- https://git.kernel.org/stable/c/c9677a9274ffb44987ec209dc8ec9f2d34946956