CVE-2026-45963

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
27/05/2026
Last modified:
16/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ASoC: nau8821: Cancel delayed work on component remove<br /> <br /> Attempting to unload the driver while a jack detection work is pending<br /> would likely crash the kernel when it is eventually scheduled for<br /> execution:<br /> <br /> [ 1984.896308] BUG: unable to handle page fault for address: ffffffffc10c2a20<br /> [...]<br /> [ 1984.896388] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024<br /> [ 1984.896396] Workqueue: events nau8821_jdet_work [snd_soc_nau8821]<br /> [ 1984.896414] RIP: 0010:__mutex_lock+0x9f/0x11d0<br /> [...]<br /> [ 1984.896504] Call Trace:<br /> [ 1984.896511] <br /> [ 1984.896524] ? snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core]<br /> [ 1984.896572] ? snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core]<br /> [ 1984.896596] snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core]<br /> [ 1984.896622] nau8821_jdet_work+0xeb/0x1e0 [snd_soc_nau8821]<br /> [ 1984.896636] process_one_work+0x211/0x590<br /> [ 1984.896649] ? srso_return_thunk+0x5/0x5f<br /> [ 1984.896670] worker_thread+0x1cd/0x3a0<br /> <br /> Cancel unscheduled jdet_work or wait for its execution to finish before<br /> the component driver gets removed.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.19.4 (excluding)