Skip to main content

Linux Kernel EUVDEUVD-2026-39896

| CVE-2026-53291 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-26 Linux GHSA-7qh4-cc67-w444
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

Triggering the vulnerable path requires inducing a memory allocation failure during driver probe - a non-default, resource-exhaustion condition - warranting AC:H over the NVD-assigned AC:L; all other metrics align with the description.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 08, 2026 - 04:31 vuln.today
CVSS changed
Jul 08, 2026 - 04:07 NVD
5.5 (MEDIUM)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:40 nvd
MEDIUM 5.5
CVE Published
Jun 26, 2026 - 19:40 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda/conexant: Fix missing error check for jack detection

In cx_probe(), the return value of snd_hda_jack_detect_enable_callback() is ignored. This function returns a pointer, and if it fails (e.g., due to memory allocation failure), it returns an error pointer which must be checked using IS_ERR().

If the registration fails, the driver continues to probe, but the jack detection callback will not be registered. This can lead to a kernel crash later when the driver attempts to handle jack events or accesses the uninitialized structure.

Check the return value using IS_ERR() and propagate the error via PTR_ERR() to the probe caller.

AnalysisAI

Kernel crash via NULL pointer dereference in the ALSA HDA Conexant audio driver affects Linux kernel stable branches from 5.15 through 7.0, exploitable by a local low-privileged user on systems with Conexant HDA audio hardware. The cx_probe() function ignores the error pointer returned by snd_hda_jack_detect_enable_callback() on memory allocation failure, leaving the jack detection callback unregistered and an internal structure uninitialized; a subsequent audio jack event then triggers a kernel panic. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privilege shell access
Delivery
Induce memory pressure during module load
Exploit
snd_hda_jack_detect_enable_callback() returns error pointer, unchecked
Execution
Trigger audio jack insertion/removal event
Persist
Kernel dereferences uninitialized structure
Impact
Kernel panic / system availability loss

Vulnerability AssessmentAI

Exploitation Exploitation requires all of the following: (1) local access with at least low-privilege credentials (PR:L per the CVSS vector - anonymous remote exploitation is not possible, AV:L); (2) the target system must be equipped with Conexant HDA audio hardware and have the snd_hda_codec_conexant kernel module loaded (systems without this hardware are completely unaffected); (3) a memory allocation failure must occur during cx_probe() execution at module load or system boot - this is a transient condition typically induced by system memory exhaustion, not a default trigger; (4) a physical or emulated audio jack event (headphone insertion or removal) must occur after the failed initialization to dereference the uninitialized structure. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) correctly anchors impact to availability only and requires local low-privilege access, which sharply limits the attack surface to interactive or shell-capable users on physical or virtual machines with Conexant audio hardware. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with standard shell access on a laptop equipped with a Conexant HDA audio codec creates artificial memory pressure (e.g., by consuming available memory) around the time the snd_hda_codec_conexant module loads, causing snd_hda_jack_detect_enable_callback() to fail silently. The driver completes probe without registering the callback. …
Remediation The primary fix is to upgrade to a patched Linux kernel stable release: 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, or 7.1, whichever matches your active branch. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39896 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy