Impact
During the probe of a Conexant audio codec, the ALSA HDA driver ignores the return value of snd_hda_jack_detect_enable_callback(). When this function fails, it returns an error pointer that must be checked with IS_ERR(), but the driver performs no such check. Continuing the probe with an uninitialized jack detection callback can later cause the driver to dereference an invalid pointer, leading to a kernel crash. The weakness is a failure to verify error return values, which is a common root cause of NULL or invalid pointer dereferences in kernel code.
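The missing check, modelled in userspace C as an added example (this is not the kernel's code or the actual patch). ERR_PTR, PTR_ERR and IS_ERR are re-created after the kernel's linux/err.h; enable_callback(), struct jack_callback and the probe_* functions are hypothetical stand-ins for snd_hda_jack_detect_enable_callback() and the Conexant probe path.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the kernel's error-pointer helpers (linux/err.h). */
#define MAX_ERRNO 4095
#define ERR_PTR(err) ((void *)(intptr_t)(err))
#define PTR_ERR(ptr) ((long)(intptr_t)(ptr))
#define IS_ERR(ptr)  ((uintptr_t)(ptr) >= (uintptr_t)-MAX_ERRNO)

struct jack_callback { int nid; };      /* hypothetical stand-in type */
static struct jack_callback the_callback;

/* Hypothetical stand-in for snd_hda_jack_detect_enable_callback():
 * returns a valid object, or an error pointer when allocation fails. */
static struct jack_callback *enable_callback(int alloc_fails)
{
    if (alloc_fails)
        return ERR_PTR(-ENOMEM);
    return &the_callback;
}

/* Before: the result is ignored, so probe reports success on failure. */
static int probe_unchecked(int alloc_fails)
{
    enable_callback(alloc_fails);
    return 0;
}

/* After: the error pointer is detected and its errno is propagated. */
static int probe_checked(int alloc_fails)
{
    struct jack_callback *cb = enable_callback(alloc_fails);

    if (IS_ERR(cb))
        return (int)PTR_ERR(cb);
    return 0;
}

/* A NULL test is not a substitute: ERR_PTR(-ENOMEM) is a non-NULL value. */
static int null_check_catches(int alloc_fails)
{
    return enable_callback(alloc_fails) == NULL;
}

int main(void)
{
    printf("unchecked=%d checked=%d null_check_catches=%d\n",
           probe_unchecked(1), probe_checked(1), null_check_catches(1));
    return 0;
}
```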
Affected Systems
Affected are all Linux kernel builds that include the hda/conexant driver and have not yet incorporated the commit adding the error check. The affected product is the generic Linux kernel, represented by the CPE string cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*, and the issue applies to every distribution using this driver before the patch.
Risk and Exploitability
The flaw requires the driver to load during hardware initialization, meaning it is not directly exploitable from user space without privileged hardware access. However, an attacker could trigger the driver to load—by, for example, resetting or power cycling the audio hardware—so that memory allocation fails and the driver registers an invalid callback. In that scenario the kernel would crash, causing a denial of service. The vulnerability lacks an EPSS score and is not listed as a known exploited vulnerability, indicating a moderate baseline exploitation likelihood; nevertheless, because the impact is a kernel crash, the risk is high for systems that cannot be updated immediately.
OpenCVE Enrichment