Bug 2492759 (CVE-2026-53152) - CVE-2026-53152 kernel: mmc: dw_mmc-rockchip: Add missing private data for very old controllers
Summary: CVE-2026-53152 kernel: mmc: dw_mmc-rockchip: Add missing private data for ver...
Keywords:
Status: NEW
Alias: CVE-2026-53152
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-06-25 10:04 UTC by OSIDB Bzimport
Modified: 2026-06-26 08:10 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-06-25 10:04:15 UTC
In the Linux kernel, the following vulnerability has been resolved:

mmc: dw_mmc-rockchip: Add missing private data for very old controllers

The really old controllers (rk2928, rk3066, rk3188) do not support UHS
speeds at all, and thus never handled phase data.

For that reason it never had a parse_dt callback and no driver private
data at all.

Commit ff6f0286c896 ("mmc: dw_mmc-rockchip: Add memory clock auto-gating
support") makes the private data sort of mandatory, because the init
function checks whether phases are configured internally or through the
clock controller.

This results in the old SoCs then experiencing NULL-pointer dereferences
when they try to access that private-data struct.

While we could have if (priv) conditionals in all places, it's way less
cluttery to just give the old types their private-data struct.


Note You need to log in before you can comment on or make changes to this bug.