{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23006", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.939Z", "datePublished": "2026-01-25T14:36:19.819Z", "dateUpdated": "2026-05-11T21:58:10.936Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:58:10.936Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: tlv320adcx140: fix null pointer\n\nThe \"snd_soc_component\" in \"adcx140_priv\" was only used once but never\nset. It was only used for reaching \"dev\" which is already present in\n\"adcx140_priv\"."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/codecs/tlv320adcx140.c"], "versions": [{"version": "4e82971f7b556cff3491c867e8840e7d788693b9", "lessThan": "954260a32c21d5072d8e7253c0a8b1627927cb02", "status": "affected", "versionType": "git"}, {"version": "4e82971f7b556cff3491c867e8840e7d788693b9", "lessThan": "659939d08e5f7bc17b941c53e8c9c0a6c6113b21", "status": "affected", "versionType": "git"}, {"version": "4e82971f7b556cff3491c867e8840e7d788693b9", "lessThan": "61757f5191daab863d25f03680e912b5449a1eed", "status": "affected", "versionType": "git"}, {"version": "4e82971f7b556cff3491c867e8840e7d788693b9", "lessThan": "53bd838ed5950cb18927e4b2e8ee841b7cb10929", "status": "affected", "versionType": "git"}, {"version": "4e82971f7b556cff3491c867e8840e7d788693b9", "lessThan": "be7664c81d3129fc313ef62ff275fd3d33cfecd4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/codecs/tlv320adcx140.c"], "versions": [{"version": "6.1", "status": "affected"}, {"version": "0", "lessThan": "6.1", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.67", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.7", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.12.67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.18.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/954260a32c21d5072d8e7253c0a8b1627927cb02"}, {"url": "https://git.kernel.org/stable/c/659939d08e5f7bc17b941c53e8c9c0a6c6113b21"}, {"url": "https://git.kernel.org/stable/c/61757f5191daab863d25f03680e912b5449a1eed"}, {"url": "https://git.kernel.org/stable/c/53bd838ed5950cb18927e4b2e8ee841b7cb10929"}, {"url": "https://git.kernel.org/stable/c/be7664c81d3129fc313ef62ff275fd3d33cfecd4"}], "title": "ASoC: tlv320adcx140: fix null pointer", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC8A14F3-D16F-4AB8-A56B-58BFF0518CEE", "versionEndExcluding": "6.1.162", "versionStartIncluding": "6.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F", "versionEndExcluding": "6.6.122", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7456F614-6AA8-4C08-8229-BA342D4AFBAD", "versionEndExcluding": "6.12.67", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "99FF3E05-0E7A-44E9-8E47-BF6F1F8EC436", "versionEndExcluding": "6.18.7", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*", "matchCriteriaId": "EB5B7DFC-C36B-45D8-922C-877569FDDF43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: tlv320adcx140: fix null pointer\n\nThe \"snd_soc_component\" in \"adcx140_priv\" was only used once but never\nset. It was only used for reaching \"dev\" which is already present in\n\"adcx140_priv\"."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nASoC: tlv320adcx140: correcci\u00f3n de puntero nulo\n\nEl 'snd_soc_component' en 'adcx140_priv' solo se us\u00f3 una vez pero nunca se configur\u00f3. Solo se us\u00f3 para alcanzar 'dev', que ya est\u00e1 presente en 'adcx140_priv'."}], "id": "CVE-2026-23006", "lastModified": "2026-03-25T19:21:56.440", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-25T15:15:55.480", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/53bd838ed5950cb18927e4b2e8ee841b7cb10929"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/61757f5191daab863d25f03680e912b5449a1eed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/659939d08e5f7bc17b941c53e8c9c0a6c6113b21"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/954260a32c21d5072d8e7253c0a8b1627927cb02"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/be7664c81d3129fc313ef62ff275fd3d33cfecd4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ASoC: tlv320adcx140: fix null pointer", "id": "2432672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432672"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-23006", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23006\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23006\nhttps://lore.kernel.org/linux-cve-announce/2026012536-CVE-2026-23006-241b@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-04-18T15:05:26.970837+00:00", "value": {"mitigation_remediation": ["Apply the latest kernel update that includes the patch for the TLV320ADCX140 null pointer fix", "Verify that the kernel version in use is at least 6.1 or the corresponding 6.19 release that contains the bug fix", "If upgrading the kernel is not immediately possible, restrict access to the device or disable the TLV320ADCX140 codec from the system configuration until the patch is applied"], "summary": {"action": "Patch", "impact": "kernel crash leading to denial of service"}, "threat_synthesis": {"affected_systems": "The flaw is present in the Linux kernel across all 6.1 releases and in the 6.19 development releases up to and including 6.19 rc8. Any system running these kernel versions and using the ALSA driver for the TLV320ADCX140 codec is vulnerable. The issue is not specific to a particular vendor but affects all builds of the Linux kernel that include the affected source code.", "description_and_impact": "A null pointer dereference was discovered in the Advanced Linux Sound Architecture (ALSA) driver for the TLV320ADCX140 audio codec. The driver incorrectly accessed a component pointer that was never initialized, which could cause the kernel to dereference a null pointer and panic. This vulnerability produces a system crash and results in an outage of the affected machine.", "risk_and_exploitability": "The CVSS score of 5.5 indicates medium severity. The EPSS score of less than 1% reflects a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Because this condition occurs during kernel initialization and requires the compromised device to load or use the affected driver, an attacker would need local or kernel\u2011level privileges. Therefore the primary impact is a denial\u2011of\u2011service scenario rather than remote code execution."}}}}, "created": "2026-04-18T15:15:03.689010+00:00", "updated": "2026-04-18T15:15:03.689020+00:00", "vendors": []}