Zero Day Monitor (ZDM)
CVE-2026-53237 · EXPLOITED · PATCHED
linux · linux kernel

gpio: mvebu: fix NULL pointer dereference in suspend/resume

Description

In the Linux kernel, the following vulnerability has been resolved:

gpio: mvebu: fix NULL pointer dereference in suspend/resume

mvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have mvchip->mvpwm set to NULL. Calling mvebu_pwm_suspend() with mvpwm == NULL causes a NULL pointer dereference when it tries to access mvpwm->blink_select.

    Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write
    [00000020] *pgd=00000000
    Internal error: Oops: 815 [#1] PREEMPT ARM
    Modules linked in:
    CPU: 0 UID: 0 PID: 406 Comm: sh Not tainted 6.12.74-rt12-yocto-standard-g4e96f98fb7db-dirty #353
    Hardware name: Marvell Armada 370/XP (Device Tree)
    PC is at regmap_mmio_read+0x38/0x54
    LR is at regmap_mmio_read+0x38/0x54
    pc : [<c05fd2ac>] lr : [<c05fd2ac>] psr: 200f0013
    sp : f0c11d10 ip : 00000000 fp : c100d2f0
    r10: c14fb854 r9 : 00000000 r8 : 00000000
    r7 : c1799c00 r6 : 00000020 r5 : 00000020 r4 : c179c7c0
    r3 : f0a231a0 r2 : 00000020 r1 : 00000020 r0 : 00000000
    Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
    Control: 10c5387d Table: 135ec059 DAC: 00000051
    Call trace:
     regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac
     _regmap_bus_reg_read from _regmap_read+0x60/0x154
     _regmap_read from regmap_read+0x3c/0x60
     regmap_read from mvebu_gpio_suspend+0xa4/0x14c
     mvebu_gpio_suspend from dpm_run_callback+0x54/0x180
     dpm_run_callback from device_suspend+0x124/0x630
     device_suspend from dpm_suspend+0x124/0x270
     dpm_suspend from dpm_suspend_start+0x64/0x6c
     dpm_suspend_start from suspend_devices_and_enter+0x140/0x8e8
     suspend_devices_and_enter from pm_suspend+0x2fc/0x308
     pm_suspend from state_store+0x6c/0xc8
     state_store from kernfs_fop_write_iter+0x10c/0x1f8
     kernfs_fop_write_iter from vfs_write+0x270/0x468
     vfs_write from ksys_write+0x70/0xf0
     ksys_write from ret_fast_syscall+0x0/0x54

Add a NULL check for mvchip->mvpwm before calling the PWM suspend/resume functions.
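A user-space C model of the guard described above, added here as an illustration and not the kernel patch or the driver's own code. The struct layout, the blink_reg field and the bank_suspend(), bank_resume() and suspend_resume_cycle() names are assumptions; only mvebu_pwm_suspend(), mvebu_pwm_resume(), mvpwm and blink_select come from the description.

```c
#include <stddef.h>

/* Simplified user-space model: assumed layout, not the kernel's structs. */
struct mvebu_pwm { unsigned int blink_select; };  /* saved PWM state */
struct mvebu_gpio_chip {
    unsigned int blink_reg;     /* stands in for the hardware register */
    struct mvebu_pwm *mvpwm;    /* NULL on banks without PWM */
};

/* Both helpers dereference mvpwm unconditionally, as in the description. */
static void mvebu_pwm_suspend(struct mvebu_gpio_chip *c)
{
    c->mvpwm->blink_select = c->blink_reg;
}
static void mvebu_pwm_resume(struct mvebu_gpio_chip *c)
{
    c->blink_reg = c->mvpwm->blink_select;
}

/* Per-bank callbacks with the guard; return 1 if PWM state was handled. */
static int bank_suspend(struct mvebu_gpio_chip *c)
{
    if (!c->mvpwm)              /* bank has no PWM: nothing to save */
        return 0;
    mvebu_pwm_suspend(c);
    return 1;
}
static int bank_resume(struct mvebu_gpio_chip *c)
{
    if (!c->mvpwm)              /* same check on the resume side */
        return 0;
    mvebu_pwm_resume(c);
    return 1;
}

/* Constructed scenario: banks 0 and 2 have PWM, bank 1 does not. Registers
 * are zeroed between suspend and resume to mimic lost hardware state.
 * Returns how many banks had their PWM state restored. */
static int suspend_resume_cycle(unsigned int out_regs[3])
{
    struct mvebu_pwm p0 = {0}, p2 = {0};
    struct mvebu_gpio_chip banks[3] = { {0x11, &p0}, {0x22, NULL}, {0x33, &p2} };
    int restored = 0;
    for (size_t i = 0; i < 3; i++) bank_suspend(&banks[i]);
    for (size_t i = 0; i < 3; i++) banks[i].blink_reg = 0;
    for (size_t i = 0; i < 3; i++) restored += bank_resume(&banks[i]);
    for (size_t i = 0; i < 3; i++) out_regs[i] = banks[i].blink_reg;
    return restored;
}

int main(void) { unsigned int r[3]; return suspend_resume_cycle(r) == 2 ? 0 : 1; }
```

Calling mvebu_pwm_suspend() directly on the bank whose mvpwm is NULL reproduces the fault class in the model; with the guard the loop visits every bank and only the PWM-capable ones are saved and restored.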

Affected Products

Vendor | Product | Versions
linux | linux kernel | 757642f9a584e893f3f4e50c99b674ee8a3ed363, 757642f9a584e893f3f4e50c99b674ee8a3ed363, 757642f9a584e893f3f4e50c99b674ee8a3ed363, 757642f9a584e893f3f4e50c99b674ee8a3ed363, 757642f9a584e893f3f4e50c99b674ee8a3ed363, 4.12, 6.6.142, 6.12.93, 6.18.35, 7.0.12

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
linux | linux | mitre_affected | 90%

References

  • https://git.kernel.org/stable/c/7db09011ce62162d72897fc4856b4425245dfe35
  • https://git.kernel.org/stable/c/4ef24338eda3c7e96d6f94a988266ff16ed3985d
  • https://git.kernel.org/stable/c/6136c1474db88272231573e222896e1998d34662
  • https://git.kernel.org/stable/c/c9677a9274ffb44987ec209dc8ec9f2d34946956
  • https://git.kernel.org/stable/c/b9ad50d7505ebd48282ec3630258dc820fc85c81

Related News (3 articles)

Tier A · Microsoft MSRC · 1h ago
CVE-2026-53237 gpio: mvebu: fix NULL pointer dereference in suspend/resume
→ No new info (linked only)

Tier C · VulDB · 3d ago
CVE-2026-53237 | Linux Kernel up to 6.6.142/6.12.93/6.18.35/7.0.12 gpio mvebu_pwm_suspend mvpwm null pointer dereference
→ No new info (linked only)

Tier C · Linux Kernel CVEs · 3d ago
CVE-2026-53237: gpio: mvebu: fix NULL pointer dereference in suspend/resume
→ No new info (linked only)

CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 7db09011ce62162d72897fc4856b4425245dfe35, 4ef24338eda3c7e96d6f94a988266ff16ed3985d, 6136c1474db88272231573e222896e1998d34662, c9677a9274ffb44987ec209dc8ec9f2d34946956, b9ad50d7505ebd48282ec3630258dc820fc85c81, 0, 6.6.143, 6.12.94, 6.18.36, 7.0.13, 7.1
Published: Jun 25, 2026
Last enriched: 3d ago (v3)
Tags: CVE-2026-53237
Trending Score: 65
Source articles: 3
Independent: 3
Info Completeness: 7/14
Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack


Related CVEs (5)

  • HIGH · CVE-2026-31431 · EXP · KEV · crypto: algif_aead - Revert to operating out-of-place (Trending: 111)
  • HIGH · CVE-2026-43284 · EXP · KEV · xfrm: esp: avoid in-place decrypt on shared skb frags (Trending: 106)
  • HIGH · CVE-2026-43500 · EXP · KEV · rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (Trending: 100)
  • HIGH · CVE-2026-46243 · EXP · smb: client: reject userspace cifs.spnego descriptions (Trending: 86)
  • HIGH · CVE-2026-46333 · EXP · ptrace: slightly saner 'get_dumpable()' logic (Trending: 70)


Verification

State: verified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Jun 25, 2026
  • Discovered by ZDM: Jun 25, 2026
  • Updated: tags (Jun 25, 2026)
  • Actively Exploited: Jun 25, 2026
  • Patch Available: Jun 25, 2026
  • Updated: affectedVersions, severity, activelyExploited (Jun 25, 2026)

Version History

Current: v3 · Last enriched 3d ago

v3 · Tier C · 3d ago · via VulDB
Updated affected versions to include 6.6.142, 6.12.93, 6.18.35, 7.0.12 and changed severity to CRITICAL.
Changed fields: affectedVersions, severity, activelyExploited

v2 · Tier C · 3d ago · via Linux Kernel CVEs
Updated description with more technical detail, added new patch versions, and included CVE-2026-53237 as a tag.
Changed fields: tags

v1 · 3d ago
Initial creation