CVE-2026-23006
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
25/01/2026
Last modified:
25/03/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ASoC: tlv320adcx140: fix null pointer<br />
<br />
The "snd_soc_component" in "adcx140_priv" was only used once but never<br />
set. It was only used for reaching "dev" which is already present in<br />
"adcx140_priv".
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.1 (including) | 6.1.162 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.122 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.67 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/53bd838ed5950cb18927e4b2e8ee841b7cb10929
- https://git.kernel.org/stable/c/61757f5191daab863d25f03680e912b5449a1eed
- https://git.kernel.org/stable/c/659939d08e5f7bc17b941c53e8c9c0a6c6113b21
- https://git.kernel.org/stable/c/954260a32c21d5072d8e7253c0a8b1627927cb02
- https://git.kernel.org/stable/c/be7664c81d3129fc313ef62ff275fd3d33cfecd4