Description
In the Linux kernel, the following vulnerability has been resolved:

ASoC: nau8821: Cancel delayed work on component remove

Attempting to unload the driver while a jack detection work is pending
would likely crash the kernel when it is eventually scheduled for
execution:

[ 1984.896308] BUG: unable to handle page fault for address: ffffffffc10c2a20
[...]
[ 1984.896388] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024
[ 1984.896396] Workqueue: events nau8821_jdet_work [snd_soc_nau8821]
[ 1984.896414] RIP: 0010:__mutex_lock+0x9f/0x11d0
[...]
[ 1984.896504] Call Trace:
[ 1984.896511] <TASK>
[ 1984.896524] ? snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core]
[ 1984.896572] ? snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core]
[ 1984.896596] snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core]
[ 1984.896622] nau8821_jdet_work+0xeb/0x1e0 [snd_soc_nau8821]
[ 1984.896636] process_one_work+0x211/0x590
[ 1984.896649] ? srso_return_thunk+0x5/0x5f
[ 1984.896670] worker_thread+0x1cd/0x3a0

Cancel unscheduled jdet_work or wait for its execution to finish before
the component driver gets removed.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Linux kernel’s sound subsystem driver for the nau8821 codec; attempting to unload the driver while an asynchronous jack‑detection work item remains pending can result in a kernel panic. When the delayed work eventually executes it dereferences a stale or invalid pointer, causing a page fault that brings the whole system down. The immediate consequence is a denial‑of‑service, as the affected machine becomes unusable until a reboot.

Affected Systems

Linux kernel builds that include the nau8821 driver prior to any fixes are affected. Any system where the driver module can be unloaded by a local user—typically a root account—faces the risk. The advisory does not list specific kernel versions, so any release shipping the unpatched driver is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.5 is reported, and the EPSS score is unavailable; the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a privileged local user who can unload the module; no remote or network attack vector is described. If an attacker succeeds, the result is an immediate kernel crash and service interruption. The attack surface is limited to systems where the driver is present and can be removed by the attacker.

Generated by OpenCVE AI on May 28, 2026 at 04:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available kernel update that contains a fix for the nau8821 driver; check the distribution’s security notices for a relevant patch.
  • If an update is not yet available, avoid unloading the nau8821 module while it is in use; keep the driver loaded or restart the system before performing module removal.
  • If immediate removal is unavoidable, consider disabling jack‑detection work in the driver configuration or blacklisting the module until a patch is available, then reboot and verify kernel stability.

Generated by OpenCVE AI on May 28, 2026 at 04:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-398
CWE-416
CWE-590

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-364
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 27 May 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-398
CWE-416
CWE-590

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ASoC: nau8821: Cancel delayed work on component remove Attempting to unload the driver while a jack detection work is pending would likely crash the kernel when it is eventually scheduled for execution: [ 1984.896308] BUG: unable to handle page fault for address: ffffffffc10c2a20 [...] [ 1984.896388] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024 [ 1984.896396] Workqueue: events nau8821_jdet_work [snd_soc_nau8821] [ 1984.896414] RIP: 0010:__mutex_lock+0x9f/0x11d0 [...] [ 1984.896504] Call Trace: [ 1984.896511] <TASK> [ 1984.896524] ? snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core] [ 1984.896572] ? snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core] [ 1984.896596] snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core] [ 1984.896622] nau8821_jdet_work+0xeb/0x1e0 [snd_soc_nau8821] [ 1984.896636] process_one_work+0x211/0x590 [ 1984.896649] ? srso_return_thunk+0x5/0x5f [ 1984.896670] worker_thread+0x1cd/0x3a0 Cancel unscheduled jdet_work or wait for its execution to finish before the component driver gets removed.
Title ASoC: nau8821: Cancel delayed work on component remove
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:21.228Z

Reserved: 2026-05-13T15:03:33.089Z

Link: CVE-2026-45963

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:13.047

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45963

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45963 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T05:00:09Z

Weaknesses