PT-2026-54818 · Linux · Linux Kernel

Published

2026-07-01

·

Updated

2026-07-02

·

CVE-2026-53350

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A NULL dereference occurs in the ASOC wm adsp component during the removal of firmware controls. The function wm adsp control remove() attempts to clean up private data pointed to by the priv variable without verifying if the pointer is NULL. This situation arises when private data is not created, which happens if the control is a SYSTEM control or if the codec driver has a control add() callback that hides the control, preventing wm adsp control add() from being called. When cs dsp remove() destroys the control list, it triggers wm adsp control remove(), leading to the crash.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-53350
ECHO-CD81-E1D9-4623

Affected Products

Linux Kernel