PT-2026-54816 · Linux · Linux
Publicado
2026-07-01
·
Atualizado
2026-07-01
·
CVE-2026-53348
Nenhuma
Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SDCA: fix NULL pointer dereference in sdca dev unregister functions
sdca dev unregister functions() iterates over all SDCA function
descriptors and calls sdca dev unregister() on each func dev without
checking for NULL. When a function registration has failed partway
through, or the device cleanup races with probe deferral, func dev
entries may be NULL, leading to a kernel oops:
BUG: kernel NULL pointer dereference, address: 0000000000000040
RIP: 0010:device del+0x1e/0x3e0
Call Trace:
sdca dev unregister functions+0x37/0x60 [snd soc sdca]
release nodes+0x35/0xb0
devres release all+0x90/0x100
device unbind cleanup+0xe/0x80
device release driver internal+0x1c1/0x200
bus remove device+0xc6/0x130
device del+0x161/0x3e0
device unregister+0x17/0x60
sdw delete slave+0xb6/0xd0 [soundwire bus]
sdw bus master delete+0x1e/0x50 [soundwire bus]
...
sof probe work+0x19/0x30 [snd sof]
This was observed on a Lenovo ThinkPad X1 Carbon G14 (Panther Lake)
with the SOF audio driver probe failing due to missing Panther Lake
firmware, causing the subsequent cleanup of SoundWire devices to
trigger the crash.
Fix this with three changes:
-
Add a NULL guard in sdca dev unregister() so that callers do not need to pre-validate the pointer (defense in depth).
-
In sdca dev unregister functions(), skip NULL func dev entries and clear func dev to NULL after unregistration, making the function idempotent and safe against double-invocation.
-
In sdca dev register functions(), roll back all previously registered functions when a later one fails, so the function array is never left in a partially-populated state.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Linux