NULL pointer dereference in Linux kernel - CVE-2026-53237
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the mvebu GPIO driver (drivers/gpio/gpio-mvebu.c) when suspend and resume operations are processed for GPIO banks without PWM functionality. A local user can trigger a suspend or resume operation to cause a denial of service.
Only GPIO banks that do not have PWM functionality are affected.
How to mitigate CVE-2026-53237
Sources
- https://git.kernel.org/stable/c/4ef24338eda3c7e96d6f94a988266ff16ed3985d
- https://git.kernel.org/stable/c/6136c1474db88272231573e222896e1998d34662
- https://git.kernel.org/stable/c/7db09011ce62162d72897fc4856b4425245dfe35
- https://git.kernel.org/stable/c/b9ad50d7505ebd48282ec3630258dc820fc85c81
- https://git.kernel.org/stable/c/c9677a9274ffb44987ec209dc8ec9f2d34946956