Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-53350— ASoC: wm_adsp: Fix NULL dereference when removing firmware controls

AI Predicted 4.4 Difficulty: Easy EPSS 0.16% · P6

Affected Version Matrix 14

VendorProductVersion RangeStatus
LinuxLinux0700bc2fb94c28459f57a10d2ee2c7ef4cb70862< 5ee9bbe2af2f373e08d3017f9aef2f2eaf29fbc3affected
0700bc2fb94c28459f57a10d2ee2c7ef4cb70862< 10def23b67b42679d5b1a356e1a6f3498bd188c3affected
0700bc2fb94c28459f57a10d2ee2c7ef4cb70862< 2f1be283aa777d655525d000d16474b7e7d015eaaffected
0700bc2fb94c28459f57a10d2ee2c7ef4cb70862< 12e579b889624ec54a201d98fdff975de556c731affected
0700bc2fb94c28459f57a10d2ee2c7ef4cb70862< 6effd6f7b0ba1f5d1df702b2ef7460bcc215e9b7affected
0700bc2fb94c28459f57a10d2ee2c7ef4cb70862< 7d3fb78b550301e43fdc60312aed733069694426affected
5.16affected
< 5.16unaffected
… +6 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53350

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ASoC: wm_adsp: Fix NULL dereference when removing firmware controls
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: wm_adsp: Fix NULL dereference when removing firmware controls In wm_adsp_control_remove() check that the priv pointer is not NULL before attempting to cleanup what it points to. When cs_dsp creates a control it calls wm_adsp_control_add_cb() so that wm_adsp can create its own private control data. There are two cases where private data is not created: 1. The control is a SYSTEM control, so an ALSA control is not created. 2. The codec driver has registered a control_add() callback that hides the control, so wm_adsp_control_add() is not called. When cs_dsp_remove destroys its control list it calls wm_adsp_control_remove() for each control. But wm_adsp_control_remove() was attempting to cleanup the private data pointed to by cs_ctl->priv without checking the pointer for NULL.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会开源的一款操作系统内核。 Linux kernel 5.16版本存在安全漏洞,该漏洞源于ASoC wm_adsp子系统中删除固件控制时未检查priv指针为空,可能导致空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 0700bc2fb94c28459f57a10d2ee2c7ef4cb70862 ~ 5ee9bbe2af2f373e08d3017f9aef2f2eaf29fbc3 -
LinuxLinux 5.16 -

II. Public POCs for CVE-2026-53350

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53350

登录查看更多情报信息。

Patches & Fixes for CVE-2026-53350 (5)

Same Patch Batch · Linux · 2026-07-01 · 31 CVEs total

CVE-2026-53339i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()
CVE-2026-53326debugobjects: Don't call fill_pool() in early boot hardirq context
CVE-2026-53327debugobjects: Do not fill_pool() if pi_blocked_on
CVE-2026-53328sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()
CVE-2026-53329drm/amd/display: Use krealloc_array() in dal_vector_reserve()
CVE-2026-53330drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval()
CVE-2026-53331slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock
CVE-2026-53332slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd
CVE-2026-53334mm/damon/reclaim: handle ctx allocation failure
CVE-2026-53333mm/mincore: handle non-swap entries before !CONFIG_SWAP guard
CVE-2026-53335mm/damon/lru_sort: handle ctx allocation failure
CVE-2026-53336nvmem: layouts: onie-tlv: fix hang on unknown types
CVE-2026-53337net: bonding: fix NULL pointer dereference in bond_do_ioctl()
CVE-2026-53338net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()
CVE-2026-53340i2c: imx: fix clock and pinctrl state inconsistency in runtime PM
CVE-2026-53356drm/i915/gem: Fix phys BO pread/pwrite with offset
CVE-2026-53342arm64: mm: call pagetable dtor when freeing hot-removed page tables
CVE-2026-53341fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh()
CVE-2026-53343ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow
CVE-2026-53344pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init

Showing top 20 of 31 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-53350

No comments yet


Leave a comment