{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53052", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.381Z", "datePublished": "2026-06-24T16:29:58.030Z", "dateUpdated": "2026-06-24T16:29:58.030Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T16:29:58.030Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: qdsp6: topology: check widget type before accessing data\n\nCheck widget type before accessing the private data, as this could a\nvirtual widget which is no associated with a dsp graph, container and\nmodule. Accessing witout check could lead to incorrect memory access."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/qcom/qdsp6/topology.c"], "versions": [{"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "8e8cd78b6000c9d19db249a5a68287158f288ef3", "status": "affected", "versionType": "git"}, {"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "1ac96689ce2984f4f6ef8892fcb65da377408421", "status": "affected", "versionType": "git"}, {"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "296810e91f21a21794886c57f954495d8afd7f32", "status": "affected", "versionType": "git"}, {"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "a1a24d4b8c9682f9b7a9138f636ff004c721aef1", "status": "affected", "versionType": "git"}, {"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "6d2491a585202a967ed91f30ec5960024f2536d0", "status": "affected", "versionType": "git"}, {"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "d5bfdd28e0cdd45043ae6e0ac168a451d59283dc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/qcom/qdsp6/topology.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.175", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.141", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.91", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.6.141"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.12.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8e8cd78b6000c9d19db249a5a68287158f288ef3"}, {"url": "https://git.kernel.org/stable/c/1ac96689ce2984f4f6ef8892fcb65da377408421"}, {"url": "https://git.kernel.org/stable/c/296810e91f21a21794886c57f954495d8afd7f32"}, {"url": "https://git.kernel.org/stable/c/a1a24d4b8c9682f9b7a9138f636ff004c721aef1"}, {"url": "https://git.kernel.org/stable/c/6d2491a585202a967ed91f30ec5960024f2536d0"}, {"url": "https://git.kernel.org/stable/c/d5bfdd28e0cdd45043ae6e0ac168a451d59283dc"}], "title": "ASoC: qcom: qdsp6: topology: check widget type before accessing data", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: ASoC: qcom: qdsp6: topology: check widget type before accessing data", "id": "2492370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492370"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-843", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: qcom: qdsp6: topology: check widget type before accessing data\nCheck widget type before accessing the private data, as this could a\nvirtual widget which is no associated with a dsp graph, container and\nmodule. Accessing witout check could lead to incorrect memory access.", "A flaw was found in the Linux kernel. The Advanced Linux Sound Architecture on Chip (ASoC) subsystem, specifically within the Qualcomm qdsp6 topology component, fails to verify the type of a virtual widget before accessing its private data. This oversight could allow an attacker to cause incorrect memory access, potentially leading to a denial of service (DoS) condition."], "name": "CVE-2026-53052", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53052\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53052\nhttps://lore.kernel.org/linux-cve-announce/2026062400-CVE-2026-53052-4d8b@gregkh/T"], "threat_severity": "Moderate"}