Zero Day MonitorZDM

← Back to list

—

CVE-2026-53291EXPLOITEDPATCHED

linux · linux kernel

ALSA: hda/conexant: Fix missing error check for jack detection

Description

In cx_probe(), the return value of snd_hda_jack_detect_enable_callback() is ignored. This function returns a pointer, and if it fails (e.g., due to memory allocation failure), it returns an error pointer which must be checked using IS_ERR(). If the registration fails, the driver continues to probe, but the jack detection callback will not be registered. This can lead to a kernel crash later when the driver attempts to handle jack events or accesses the uninitialized structure. Check the return value using IS_ERR() and propagate the error via PTR_ERR() to the probe caller.

Affected Products

Vendor	Product	Versions
linux	linux kernel	f13b8cb5a6920ad98b751d3134686f29810577d4, 2cb659ef0ac744545499e7c37665b276d9e405da, 24d748413cc4e1d97074bae1f335d32d30912f10, 7aeb259086487417f0fecf66e325bee133e8813a, 7aeb259086487417f0fecf66e325bee133e8813a, 7aeb259086487417f0fecf66e325bee133e8813a, 7aeb259086487417f0fecf66e325bee133e8813a, 4a28302b2c681e3cf85e3b41231fff363c4c6a0e, 5.15.149, 6.1.77, 6.6.16, 6.7.4, 6.8, 7.0.9

References

Related News (3 articles)

Tier A

Microsoft MSRC3h ago

CVE-2026-53291 ALSA: hda/conexant: Fix missing error check for jack detection

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-53291 | Linux Kernel up to 7.0.9 ALSA cx_probe uninitialized pointer

→ No new info (linked only)

Tier C

Linux Kernel CVEs1d ago

CVE-2026-53291: ALSA: hda/conexant: Fix missing error check for jack detection

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

5.15.209

PublishedJun 26, 2026

Last enriched1d agov3

Trending Score65

Source articles3

Independent3

Info Completeness8/14

Missing: cvss, epss, cwe, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-31431EXPKEV

crypto: algif_aead - Revert to operating out-of-place

HIGHCVE-2026-43284EXPKEV

xfrm: esp: avoid in-place decrypt on shared skb frags

HIGHCVE-2026-43500EXPKEV

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

HIGHCVE-2026-46243EXP

smb: client: reject userspace cifs.spnego descriptions

HIGHCVE-2026-46333EXP

ptrace: slightly saner 'get_dumpable()' logic

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 26, 2026

Actively Exploited

Jun 26, 2026

Exploit Available

Jun 26, 2026

Patch Available

Jun 26, 2026

Discovered by ZDM

Jun 26, 2026

Updated: description, severity, affectedVersions

Jun 26, 2026

Updated: description, exploitAvailable, activelyExploited, patchAvailable

Jun 26, 2026

Version History

v3

Last enriched 1d ago

v3Tier C1d ago

Updated description with technical details, marked exploit available and actively exploited as true, and added affected version 5.15.149.

descriptionexploitAvailableactivelyExploitedpatchAvailable

via Linux Kernel CVEs

v2Tier C1d ago

Updated severity to CRITICAL, added affected version 7.0.9, and provided a new description with details about CVE-2026-53291.

descriptionseverityaffectedVersions

via VulDB

v11d ago

Initial creation