Linux Kernel Vulnerability in wm_adsp Firmware Control Management
CVE-2026-53350

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
1 July 2026

What is CVE-2026-53350?

A vulnerability in the Linux kernel's wm_adsp module has been identified where a NULL dereference occurs in the wm_adsp_control_remove() function. This issue arises when the cs_dsp attempts to clean up private control data associated with an Audio Stream Control (ASoC) but does not verify that the private data pointer is not NULL. If the control is a SYSTEM control or if the codec driver has registered a callback that obscures the control, the private data may not exist when cleanup is attempted, leading to potential system instability and crashes. Efficient management of firmware control data is crucial for maintaining the robustness of audio systems.

Affected Version(s)

Linux 0700bc2fb94c28459f57a10d2ee2c7ef4cb70862 < 5ee9bbe2af2f373e08d3017f9aef2f2eaf29fbc3

Linux 0700bc2fb94c28459f57a10d2ee2c7ef4cb70862 < 10def23b67b42679d5b1a356e1a6f3498bd188c3

Linux 0700bc2fb94c28459f57a10d2ee2c7ef4cb70862 < 2f1be283aa777d655525d000d16474b7e7d015ea

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.