CVE & CISA-KEV Catalog

CVE-2026-53350

UNSCORED

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: wm_adsp: Fix NULL dereference when removing firmware controls In wm_adsp_control_remove() check that the priv pointer is not NULL before attempting to cleanup what it points to. When cs_dsp creates a control it calls wm_adsp_control_add_cb() so that wm_adsp can create its own private control data. There are two cases where private data is not created: 1. The control is a SYSTEM control, so an ALSA control is not created. 2. The codec driver has registered a control_add() callback that hides the control, so wm_adsp_control_add() is not called. When cs_dsp_remove destroys its control list it calls wm_adsp_control_remove() for each control. But wm_adsp_control_remove() was attempting to cleanup the private data pointed to by cs_ctl->priv without checking the pointer for NULL.

How to fix

Remediation Available
linuxDebian
Fixed in:6.1.176-1CVE-2026-53350
Fixed in:6.12.94-1CVE-2026-53350
Fixed in:7.0.13-1CVE-2026-53350

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

0.16%probability of exploitation in 30 days
6thpercentile

Low risk: more likely to be exploited than 6% of all known CVEs.

References

Embed a live status badge for CVE-2026-53350
CVE-2026-53350 severity badge

Markdown

[![CVE-2026-53350](https://tridentstack.com/cve/badge/CVE-2026-53350.svg)](https://tridentstack.com/cve/CVE-2026-53350)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-53350"><img src="https://tridentstack.com/cve/badge/CVE-2026-53350.svg" alt="CVE-2026-53350"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-07-01.