CVE-2026-53065 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: sti: use managed regmap_field allocations

The regmap_field objects allocated at player init are never freed and
may leak resources if the driver is removed.

Switch to devm_regmap_field_alloc() to automatically limit the lifetime
of the allocations the lifetime of the device.

Published: 2026-06-24

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the Linux kernel’s ASoC STI driver where regmap_field objects allocated during player initialization are never released. This oversight can cause memory or resource leaks that accumulate over time, potentially degrading system performance or crashing the kernel, thereby resulting in a denial of service.

Affected Systems

The issue affects any Linux system that runs the affected ASoC STI driver. It applies generally to distributions that ship the upstream kernel version containing the un-managed allocation code; no specific version range is listed in the CVE data.

Risk and Exploitability

No CVSS or EPSS metrics are published, and the vulnerability is not listed in CISA KEV. Because the leak occurs only when the driver is removed or reinitialized, an attacker would need local system access and repeated load/unload cycles to exploit it. Although the exploit path is unlikely to be automated, prolonged exposure could lead to resource exhaustion and eventual denial of service.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`76c2145ded6b83488dec4afc46a29a57cee90552`	affected	< 4b8dba4527727623a97948aff9f0969a14c203a9
`76c2145ded6b83488dec4afc46a29a57cee90552`	affected	< c3af3bcfc1deb3b230cc266a2ac75bca8f4dfba9
`76c2145ded6b83488dec4afc46a29a57cee90552`	affected	< 43b67761d486d719128e164536e58de5a81dff9b
`76c2145ded6b83488dec4afc46a29a57cee90552`	affected	< 002a5f925d42eca8ad547e55a4ae22714cfe9dec
`76c2145ded6b83488dec4afc46a29a57cee90552`	affected	< 9641071e3a8e0bc664477a0e54db5f9815f0fb79
`76c2145ded6b83488dec4afc46a29a57cee90552`	affected	< a3f3c332882c98ae7553af372191116d1384ca52
`76c2145ded6b83488dec4afc46a29a57cee90552`	affected	< 7422a11a753daacbc2409513cf65e1de0d17c291
`76c2145ded6b83488dec4afc46a29a57cee90552`	affected	< 1696fad8b259a2d46e51cd6e17e4bcdbe02279fa

Linux

affected

Version	Status	Constraints
`4.3`	affected	—
`0`	unaffected	< 4.3
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.141`	unaffected	≤ 6.6.*
`6.12.91`	unaffected	≤ 6.12.*
`6.18.33`	unaffected	≤ 6.18.*
`7.0.10`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Linux kernel update that incorporates the devm_regmap_field_alloc fix for the ASoC STI driver.
If an update is not possible, configure the system to avoid loading the uninitialized driver or replace the allocation routine with devm_regmap_field_alloc via a custom patch.
Continuously monitor kernel memory and resource usage for irregular growth indicative of lingering allocations.

Generated by OpenCVE AI on June 24, 2026 at 19:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/002a5f925d42eca8ad547e55a4ae22714cfe9dec
https://git.kernel.org/stable/c/1696fad8b259a2d46e51cd6e17e4bcdbe02279fa
https://git.kernel.org/stable/c/43b67761d486d719128e164536e58de5a81dff9b
https://git.kernel.org/stable/c/4b8dba4527727623a97948aff9f0969a14c203a9
https://git.kernel.org/stable/c/7422a11a753daacbc2409513cf65e1de0d17c291
https://git.kernel.org/stable/c/9641071e3a8e0bc664477a0e54db5f9815f0fb79
https://git.kernel.org/stable/c/a3f3c332882c98ae7553af372191116d1384ca52
https://git.kernel.org/stable/c/c3af3bcfc1deb3b230cc266a2ac75bca8f4dfba9

History

Wed, 24 Jun 2026 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ASoC: sti: use managed regmap_field allocations The regmap_field objects allocated at player init are never freed and may leak resources if the driver is removed. Switch to devm_regmap_field_alloc() to automatically limit the lifetime of the allocations the lifetime of the device.
Title		ASoC: sti: use managed regmap_field allocations
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/002a5f925d42eca8ad547e55a4ae22714cfe9dec https://git.kernel.org/stable/c/1696fad8b259a2d46e51cd6e17e4bcdbe02279fa https://git.kernel.org/stable/c/43b67761d486d719128e164536e58de5a81dff9b https://git.kernel.org/stable/c/4b8dba4527727623a97948aff9f0969a14c203a9 https://git.kernel.org/stable/c/7422a11a753daacbc2409513cf65e1de0d17c291 https://git.kernel.org/stable/c/9641071e3a8e0bc664477a0e54db5f9815f0fb79 https://git.kernel.org/stable/c/a3f3c332882c98ae7553af372191116d1384ca52 https://git.kernel.org/stable/c/c3af3bcfc1deb3b230cc266a2ac75bca8f4dfba9

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:30:08.161Z

Updated: 2026-06-24T16:30:08.161Z

Reserved: 2026-06-09T07:44:35.382Z

Link: CVE-2026-53065

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T19:30:08Z

Weaknesses

CWE-401
Missing Release of Memory after Effective Lifetime

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object