Skip to main content

Linux Kernel EUVDEUVD-2026-32247

| CVE-2026-45963 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-38h5-pjw3-mqxf
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local race condition triggerable with low privilege via audio subsystem events; only availability is impacted through kernel crash with no confidentiality or integrity effects.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 02:42 vuln.today
CVSS changed
Jun 16, 2026 - 02:37 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

ASoC: nau8821: Cancel delayed work on component remove

Attempting to unload the driver while a jack detection work is pending would likely crash the kernel when it is eventually scheduled for execution:

[ 1984.896308] BUG: unable to handle page fault for address: ffffffffc10c2a20 [...] [ 1984.896388] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024 [ 1984.896396] Workqueue: events nau8821_jdet_work [snd_soc_nau8821] [ 1984.896414] RIP: 0010:__mutex_lock+0x9f/0x11d0 [...] [ 1984.896504] Call Trace: [ 1984.896511] <TASK> [ 1984.896524] ? snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core] [ 1984.896572] ? snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core] [ 1984.896596] snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core] [ 1984.896622] nau8821_jdet_work+0xeb/0x1e0 [snd_soc_nau8821] [ 1984.896636] process_one_work+0x211/0x590 [ 1984.896649] ? srso_return_thunk+0x5/0x5f [ 1984.896670] worker_thread+0x1cd/0x3a0

Cancel unscheduled jdet_work or wait for its execution to finish before the component driver gets removed.

AnalysisAI

Kernel crash via use-after-free race in the Linux kernel nau8821 ASoC audio codec driver affects systems including the Valve Steam Deck when a jack detection workqueue item executes after the driver component has been removed. The missing cancel_delayed_work_sync call in the component remove path allows nau8821_jdet_work to dereference freed kernel structures, producing a fatal page fault. No public exploit exists and EPSS is 0.02%, but any NAU8821-equipped system on kernel versions from 5.16 through pre-6.19.4 is vulnerable to local denial-of-service via kernel panic.

Technical ContextAI

The nau8821 is a Nuvoton audio codec managed through the Linux ALSA System-on-Chip (ASoC) framework (CPE: cpe:2.3:o:linux:linux_kernel). The driver schedules a delayed work item, nau8821_jdet_work, to handle jack insertion/removal detection through the kernel workqueue subsystem. CWE-476 (NULL Pointer Dereference) is the assigned classification, though the observed crash at address ffffffffc10c2a20 is technically a use-after-free: the driver component is removed and its memory freed, yet the still-queued work item subsequently executes and calls into the DAPM (Dynamic Audio Power Management) subsystem via snd_soc_dapm_disable_pin, which attempts to acquire a mutex on the now-freed component structure. The crash was confirmed on a Valve Jupiter (Steam Deck) system running BIOS F7A0131. The fix canonically identified in upstream commits dbd3fd05cddfdeec1e49b0a66269881c09eebd17 and 3955767ec39dcc0358470ffe6535703e2b7fd815 adds cancel_delayed_work_sync to the remove path.

RemediationAI

Upgrade to Linux kernel 6.19.4 or 7.0, which incorporate the fix via stable commits at https://git.kernel.org/stable/c/dbd3fd05cddfdeec1e49b0a66269881c09eebd17 and https://git.kernel.org/stable/c/3955767ec39dcc0358470ffe6535703e2b7fd815. Distribution kernel maintainers (Debian, Ubuntu, Fedora, openSUSE) should be monitored for stable backport availability into their respective LTS kernel series. As a compensating control prior to patching, avoid unloading the snd_soc_nau8821 module on affected hardware while audio jack events may be pending - this can be operationally enforced by preventing hot-module-removal via udev rules or blacklisting the module's manual unload in service configurations, though this does not protect against hotplug-triggered component removal. There is no known workaround that fully eliminates the race without the upstream fix.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

EUVD-2026-32247 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy