Impact
The flaw is a NULL pointer dereference (CWE‑476) in the wm_adsp control removal routine of the Linux kernel sound subsystem. When a firmware control without associated private data is removed, the driver attempts to free that data unconditionally. This triggers a kernel oops, which can lead to a system crash or reboot. The vulnerability does not expose configuration or user data but disrupts availability for the affected system.
Affected Systems
All builds of the Linux kernel that include the wm_adsp driver are potentially susceptible, as the issue exists in any kernel version before the commit that introduces the null check. Since the exact vulnerable version range is not specified, any kernel lacking the patch should be considered at risk.
Risk and Exploitability
The vulnerability requires an attacker to exercise control removal on the wm_adsp device, which normally necessitates local system access or a program capable of manipulating ALSA controls. The CVSS score of 5.5 indicates a moderate severity, and the attack vector is local, with no publicly disclosed exploitation or KEV listing. With no EPSS score, the theoretical exploitation probability is low to moderate; however, an affected kernel could still be forced into a crash if the attacker can trigger the buggy path.
OpenCVE Enrichment