PT-2026-54816 · Linux · Linux

Published 2026-07-01 · Updated 2026-07-01 · CVE-2026-53348

None

No severity ratings or metrics are available. When they become available, we will update the corresponding information on this page.
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SDCA: fix NULL pointer dereference in sdca_dev_unregister_functions
sdca_dev_unregister_functions() iterates over all SDCA function descriptors and calls sdca_dev_unregister() on each func_dev without checking for NULL. When a function registration has failed partway through, or the device cleanup races with probe deferral, func_dev entries may be NULL, leading to a kernel oops:
  BUG: kernel NULL pointer dereference, address: 0000000000000040
  RIP: 0010:device_del+0x1e/0x3e0
  Call Trace:
   sdca_dev_unregister_functions+0x37/0x60 [snd_soc_sdca]
   release_nodes+0x35/0xb0
   devres_release_all+0x90/0x100
   device_unbind_cleanup+0xe/0x80
   device_release_driver_internal+0x1c1/0x200
   bus_remove_device+0xc6/0x130
   device_del+0x161/0x3e0
   device_unregister+0x17/0x60
   sdw_delete_slave+0xb6/0xd0 [soundwire_bus]
   sdw_bus_master_delete+0x1e/0x50 [soundwire_bus]
   ...
   sof_probe_work+0x19/0x30 [snd_sof]
This was observed on a Lenovo ThinkPad X1 Carbon G14 (Panther Lake) with the SOF audio driver probe failing due to missing Panther Lake firmware, causing the subsequent cleanup of SoundWire devices to trigger the crash.
Fix this with three changes:
  1. Add a NULL guard in sdca_dev_unregister() so that callers do not need to pre-validate the pointer (defense in depth).
  2. In sdca_dev_unregister_functions(), skip NULL func_dev entries and clear func_dev to NULL after unregistration, making the function idempotent and safe against double-invocation.
  3. In sdca_dev_register_functions(), roll back all previously registered functions when a later one fails, so the function array is never left in a partially-populated state.
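
The three changes above, modelled in userspace C as an added example (this is not the kernel patch and not code from this page). The struct and function names are hypothetical stand-ins, and the slot array is assumed to be zero-initialised before registration.

```c
/* Userspace model of the three changes; names are hypothetical, not kernel code. */
#include <stdio.h>
#include <stdlib.h>

#define NFUNCS 4
struct func_dev { int id; };                  /* stand-in for a function device */
struct device_data { struct func_dev *func_dev[NFUNCS]; };
static int live_devs;                         /* allocated devices, to spot leaks */

/* Simulated registration: returns NULL at index fail_at (or on malloc failure). */
static struct func_dev *dev_register(int id, int fail_at)
{
    struct func_dev *fd = (id == fail_at) ? NULL : malloc(sizeof(*fd));
    if (fd) { fd->id = id; live_devs++; }
    return fd;
}

/* Change 1: tolerate NULL so callers need not pre-validate the pointer. */
static void dev_unregister(struct func_dev *fd)
{
    if (!fd)
        return;
    free(fd);
    live_devs--;
}

/* Change 2: skip empty slots and clear each slot, so a second call is a no-op. */
static void unregister_functions(struct device_data *d)
{
    for (int i = 0; i < NFUNCS; i++) {
        if (!d->func_dev[i])
            continue;
        dev_unregister(d->func_dev[i]);
        d->func_dev[i] = NULL;
    }
}

/* Change 3: on failure, unwind everything registered so far. */
static int register_functions(struct device_data *d, int fail_at)
{
    for (int i = 0; i < NFUNCS; i++) {
        d->func_dev[i] = dev_register(i, fail_at);
        if (d->func_dev[i])
            continue;
        while (i-- > 0) {                     /* roll back slots i-1 .. 0 */
            dev_unregister(d->func_dev[i]);
            d->func_dev[i] = NULL;
        }
        return -1;
    }
    return 0;
}
```

Calling `unregister_functions()` after a failed `register_functions()`, or twice in a row, touches no freed or NULL device in this model, which is the cleanup path the oops trace shows going wrong.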

Related identifiers

CVE-2026-53348

Affected products

Linux