Description
In the Linux kernel, the following vulnerability has been resolved:

ASoC: sti: use managed regmap_field allocations

The regmap_field objects allocated at player init are never freed and
may leak resources if the driver is removed.

Switch to devm_regmap_field_alloc() to automatically limit the lifetime
of the allocations the lifetime of the device.
Published: 2026-06-24
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ASoC STI driver in the Linux kernel has a memory leak flaw: regmap_field objects allocated during audio player initialization are never freed, especially when the driver is removed. Continued load/unload cycles can accumulate unreleased kernel resources, potentially exhausting memory, destabilizing the system, and in extreme cases causing a kernel crash or denial of service.

Affected Systems

This vulnerability affects any Linux system that runs a kernel containing the unpatched ASoC STI driver code. The vendor list is generic (Linux: Linux) and no specific kernel version range is provided, which means any distribution shipping the affected driver without the devm_regmap_field_alloc change is potentially vulnerable.

Risk and Exploitability

The EPSS score is reported as < 1% and the issue is not listed in CISA KEV, indicating a very low likelihood of exploitation. The attack vector is inferred to be local; an attacker would need to repeatedly load and unload the driver, or cause multiple driver unload events, to trigger the leak. While automated exploitation is unlikely, sustained misuse could deplete kernel resources over time, leading to a denial of service. The CVSS score is not provided, but the potential impact is significant if the resource exhaustion reaches critical levels.

Generated by OpenCVE AI on June 26, 2026 at 05:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that incorporates switch to devm_regmap_field_alloc for the ASoC STI driver
  • If a patch update is unavailable, apply a local kernel patch or rebuild the driver with devm_regmap_field_alloc to replace the unmanaged allocation
  • Monitor kernel memory and resource usage for anomalous growth, and schedule periodic driver reloads or system reboots to flush any lingering allocations

Generated by OpenCVE AI on June 26, 2026 at 05:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Fri, 26 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Fri, 26 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ASoC: sti: use managed regmap_field allocations The regmap_field objects allocated at player init are never freed and may leak resources if the driver is removed. Switch to devm_regmap_field_alloc() to automatically limit the lifetime of the allocations the lifetime of the device.
Title ASoC: sti: use managed regmap_field allocations
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:08.161Z

Reserved: 2026-06-09T07:44:35.382Z

Link: CVE-2026-53065

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53065 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T05:30:17Z

Weaknesses
  • CWE-772

    Missing Release of Resource after Effective Lifetime