CVE-2026-23006
BaseFortify
Publication date: 2026-01-25
Last updated on: 2026-03-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.7 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.2 (inc) to 6.6.122 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.67 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.1.1 (inc) to 6.1.162 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability could potentially cause a null pointer dereference in the Linux kernel driver, which may lead to system instability or crashes when the affected driver is used.
Can you explain this vulnerability to me?
This vulnerability involves a null pointer issue in the Linux kernel's ASoC tlv320adcx140 driver. Specifically, the 'snd_soc_component' pointer in 'adcx140_priv' was referenced but never set, which could lead to a null pointer dereference. The pointer was only used to access 'dev', which is already available in 'adcx140_priv', indicating a coding oversight that was fixed.