Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda/conexant: Fix missing error check for jack detection

In cx_probe(), the return value of snd_hda_jack_detect_enable_callback()
is ignored. This function returns a pointer, and if it fails (e.g., due
to memory allocation failure), it returns an error pointer which must
be checked using IS_ERR().

If the registration fails, the driver continues to probe, but the jack
detection callback will not be registered. This can lead to a kernel
crash later when the driver attempts to handle jack events or accesses
the uninitialized structure.

Check the return value using IS_ERR() and propagate the error via
PTR_ERR() to the probe caller.
Published: 2026-06-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the Conexant HDA driver ignores the return value from snd_hda_jack_detect_enable_callback() during initialization. When that call fails and returns an error pointer, the driver proceeds with an uninitialized jack‑detection callback. A later attempt to handle jack events dereferences this invalid pointer, causing a kernel crash. The weakness is a failure to verify error return values, which falls under the CWE-390 "Missing Error Checking for Output of Initializing Calls".

Affected Systems

All Linux kernel implementations that include the Conexant HDA driver and have not yet merged the patch that introduces the error check. This includes every distribution based on the generic Linux kernel that compiled the hda_conexant module before the commit referenced in the advisory.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity, while the EPSS score of less than 1% suggests that successful exploitation is very unlikely. The vulnerability is not directly reachable from user space; it would require the driver to be loaded during hardware initialization, potentially triggered by a reset or power cycle of the audio hardware. No known public exploits exist and the vulnerability is not listed in the CISA KEV catalog, so the risk to unpatched systems remains primarily theoretical but significant due to the impact of a kernel crash.

Generated by OpenCVE AI on June 29, 2026 at 14:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that contains the Conexant HDA driver patch committed in the kernel tree.
  • If an immediate kernel upgrade is not feasible, blacklist or unload the hda_conexant module so the driver does not load until the patch is applied.
  • Regularly review dmesg or kernel log output for jack‑related errors to confirm that no faulty callbacks are being invoked after a driver load.

Generated by OpenCVE AI on June 29, 2026 at 14:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-390
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection In cx_probe(), the return value of snd_hda_jack_detect_enable_callback() is ignored. This function returns a pointer, and if it fails (e.g., due to memory allocation failure), it returns an error pointer which must be checked using IS_ERR(). If the registration fails, the driver continues to probe, but the jack detection callback will not be registered. This can lead to a kernel crash later when the driver attempts to handle jack events or accesses the uninitialized structure. Check the return value using IS_ERR() and propagate the error via PTR_ERR() to the probe caller.
Title ALSA: hda/conexant: Fix missing error check for jack detection
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:50.808Z

Reserved: 2026-06-09T07:44:35.396Z

Link: CVE-2026-53291

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53291 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T14:45:04Z

Weaknesses
  • CWE-390

    Detection of Error Condition Without Action