CVE-2026-45963
Analyzed Analyzed - Analysis Complete
Use-After-Free in Linux Kernel ASoC NAU8821 Driver

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: nau8821: Cancel delayed work on component remove Attempting to unload the driver while a jack detection work is pending would likely crash the kernel when it is eventually scheduled for execution: [ 1984.896308] BUG: unable to handle page fault for address: ffffffffc10c2a20 [...] [ 1984.896388] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024 [ 1984.896396] Workqueue: events nau8821_jdet_work [snd_soc_nau8821] [ 1984.896414] RIP: 0010:__mutex_lock+0x9f/0x11d0 [...] [ 1984.896504] Call Trace: [ 1984.896511] <TASK> [ 1984.896524] ? snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core] [ 1984.896572] ? snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core] [ 1984.896596] snd_soc_dapm_disable_pin+0x26/0x60 [snd_soc_core] [ 1984.896622] nau8821_jdet_work+0xeb/0x1e0 [snd_soc_nau8821] [ 1984.896636] process_one_work+0x211/0x590 [ 1984.896649] ? srso_return_thunk+0x5/0x5f [ 1984.896670] worker_thread+0x1cd/0x3a0 Cancel unscheduled jdet_work or wait for its execution to finish before the component driver gets removed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45963
EUVD
EUVD-2026-32247
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.16 (inc) to 6.19.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information about CVE-2026-45963 does not include any details regarding its impact on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in the Linux kernel's ASoC driver for the nau8821 component. It occurs when the driver is unloaded while a jack detection work task is still pending. If the delayed work is scheduled after the driver has been removed, it can cause the kernel to crash due to a page fault.

The issue arises because the delayed jack detection work is not properly canceled or waited on before the component driver is removed, leading to attempts to access invalid memory.

Impact Analysis

This vulnerability can cause the Linux kernel to crash unexpectedly when the affected driver is unloaded while jack detection work is still pending. Such crashes can lead to system instability, potential data loss, and downtime.

Detection Guidance

This vulnerability can be detected by monitoring the system kernel logs for specific crash messages related to the nau8821 driver. Look for kernel log entries indicating a page fault or BUG related to the snd_soc_nau8821 workqueue, especially messages similar to the following:

  • BUG: unable to handle page fault for address: ffffffffc10c2a20
  • Workqueue: events nau8821_jdet_work [snd_soc_nau8821]
  • Call trace involving snd_soc_dapm_disable_pin and nau8821_jdet_work

To check for these logs, you can use commands such as:

  • dmesg | grep -i nau8821
  • journalctl -k | grep -i nau8821
  • journalctl -k | grep -E 'BUG|page fault|nau8821_jdet_work'
Mitigation Strategies

To mitigate this vulnerability, ensure that the delayed jack detection work (jdet_work) is either cancelled or allowed to complete before unloading the nau8821 component driver. This prevents the kernel crash caused by the workqueue executing after the driver removal.

Practically, this means:

  • Avoid unloading the driver while jack detection work is pending.
  • If unloading is necessary, modify or update the driver to cancel any scheduled delayed work before removal.
  • Apply any available kernel patches or updates that address this issue.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45963. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart