Kernel NULL Pointer Dereference in Lenovo ThinkPad Sound Drivers
CVE-2026-53348
Currently unrated
What is CVE-2026-53348?
A vulnerability in the Linux kernel's ASoC SDCA subsystem affects the Lenovo ThinkPad X1 Carbon G14, specifically in the handling of SoundWire devices. The sdca_dev_unregister_functions() method does not check for NULL entries when unregistering SDCA function descriptors. This oversight leads to potential kernel crashes when a function registration fails or during device cleanup, causing NULL pointer dereference errors. The issue is fixed by adding NULL checks, skipping NULL entries during unregistration, and rolling back incomplete registrations to ensure stability and prevent crashes.
Affected Version(s)
Linux 4496d1c65bad7a3a32d2e09aaf3c54bc562c3fcc < 9a4895059bb6a8505098a9f75de187fd15631fc8
Linux 4496d1c65bad7a3a32d2e09aaf3c54bc562c3fcc
Linux 6.19