CVE Catalog

CVE-2026-53291

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

In the Conexant audio driver for the Linux kernel, the return value of the jack detection registration function is not checked. If memory allocation fails, the driver continues with an unregistered callback, potentially causing a kernel crash.

Risk Assessment

The organization faces the risk of system crashes (kernel panic) when handling jack events, which can disrupt critical services and cause downtime.

Recommendation

Immediately update the Linux kernel to a version that includes the fix checking the error with IS_ERR() and propagating it to the probe caller.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection In cx_probe(), the return value of snd_hda_jack_detect_enable_callback() is ignored. This function returns a pointer, and if it fails (e.g., due to memory allocation failure), it returns an error pointer which must be checked using IS_ERR(). If the registration fails, the driver continues to probe, but the jack detection callback will not be registered. This can lead to a kernel crash later when the driver attempts to handle jack events or accesses the uninitialized structure. Check the return value using IS_ERR() and propagate the error via PTR_ERR() to the probe caller.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS