CVE-2026-53237 in Linux
Summary
by MITRE • 06/25/2026
In the Linux kernel, the following vulnerability has been resolved:
gpio: mvebu: fix NULL pointer dereference in suspend/resume
mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have mvchip->mvpwm set to NULL.
Calling mvebu_pwm_suspend() with mvpwm == NULL causes a NULL pointer dereference when it tries to access mvpwm->blink_select.
Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write [00000020] *pgd=00000000
Internal error: Oops: 815 [#1] PREEMPT ARM
Modules linked in: CPU: 0 UID: 0 PID: 406 Comm: sh Not tainted 6.12.74-rt12-yocto-standard-g4e96f98fb7db-dirty #353 Hardware name: Marvell Armada 370/XP (Device Tree) PC is at regmap_mmio_read+0x38/0x54 LR is at regmap_mmio_read+0x38/0x54 pc : [] lr : [] psr: 200f0013
sp : f0c11d10 ip : 00000000 fp : c100d2f0 r10: c14fb854 r9 : 00000000 r8 : 00000000 r7 : c1799c00 r6 : 00000020 r5 : 00000020 r4 : c179c7c0 r3 : f0a231a0 r2 : 00000020 r1 : 00000020 r0 : 00000000 Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: 135ec059 DAC: 00000051 Call trace: regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac _regmap_bus_reg_read from _regmap_read+0x60/0x154 _regmap_read from regmap_read+0x3c/0x60 regmap_read from mvebu_gpio_suspend+0xa4/0x14c mvebu_gpio_suspend from dpm_run_callback+0x54/0x180 dpm_run_callback from device_suspend+0x124/0x630 device_suspend from dpm_suspend+0x124/0x270 dpm_suspend from dpm_suspend_start+0x64/0x6c dpm_suspend_start from suspend_devices_and_enter+0x140/0x8e8 suspend_devices_and_enter from pm_suspend+0x2fc/0x308 pm_suspend from state_store+0x6c/0xc8 state_store from kernfs_fop_write_iter+0x10c/0x1f8 kernfs_fop_write_iter from vfs_write+0x270/0x468 vfs_write from ksys_write+0x70/0xf0 ksys_write from ret_fast_syscall+0x0/0x54
Add a NULL check for mvchip->mvpwm before calling the PWM suspend/resume functions.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 06/25/2026
This vulnerability exists within the Linux kernel's gpio subsystem, specifically affecting the mvebu (Marvell Armada) GPIO driver implementation. The issue manifests as a NULL pointer dereference during system suspend and resume operations when the kernel attempts to manage GPIO banks that lack PWM functionality. The flaw occurs because the mvebu_pwm_suspend() and mvebu_pwm_resume() functions are invoked for all GPIO banks regardless of their hardware capabilities, but only certain banks actually possess PWM support. When GPIO banks without PWM functionality attempt to execute these functions, the code accesses a NULL pointer at mvchip->mvpwm->blink_select, leading to an immediate kernel oops and system instability.
The technical root cause stems from inadequate null pointer validation within the device driver's suspend/resume handling logic. According to CWE-476, this represents a NULL pointer dereference vulnerability where the code fails to verify that a pointer reference is valid before accessing it. The kernel's power management subsystem orchestrates these operations through the standard device power management framework, specifically calling dpm_run_callback which eventually invokes mvebu_gpio_suspend. This function attempts to read from hardware registers using regmap_mmio_read through multiple layers of function calls including _regmap_bus_reg_read and _regmap_read before ultimately failing at the NULL pointer access.
The operational impact of this vulnerability is severe as it can cause system crashes, kernel oops, and complete system hangs during suspend/resume cycles. The error trace shows that the crash occurs in the ARM architecture with a virtual address access violation at 0x00000020, which corresponds to the NULL pointer dereference. This vulnerability directly maps to ATT&CK technique T1490 where adversaries could potentially exploit system instability or use this as a denial-of-service vector. The issue affects systems using Marvell Armada 370/XP platforms that utilize device tree configurations, making it particularly relevant for embedded systems and network appliances running Linux-based operating systems.
The recommended mitigation involves implementing a simple but crucial null pointer check before invoking the PWM suspend/resume functions. This fix aligns with standard defensive programming practices and follows the principle of least privilege by ensuring all pointer dereferences are validated. The solution should be implemented in the mvebu_gpio_suspend function where the mvpwm pointer is accessed, checking whether mvchip->mvpwm is NULL before proceeding with PWM-specific operations. This approach prevents the kernel from attempting to access memory at address 0x00000020 while maintaining all legitimate functionality for GPIO banks that actually possess PWM capabilities. The fix requires minimal code changes but provides maximum security benefit by preventing potential exploitation through system instability or denial-of-service attacks during critical power management operations.