CVE-2026-43095
ASoC SDCA IRQ Cleanup Flaw in Linux Kernel
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ASoC SDCA component related to IRQ (Interrupt Request) cleanup. IRQs are enabled using devm_request_threaded_irq() during component probe, but this can cause IRQs to persist even after the sound card is torn down. Some IRQ handlers keep references to the sound card and its controls, which can lead to failures or crashes when those references become invalid.
The root cause is the improper cleanup of IRQs because devm (device managed) is used outside of the bus probe context, which is not recommended. The fix involves removing the use of devm for IRQ requests and instead manually registering and cleaning up IRQs to ensure proper handling and avoid crashes.
How can this vulnerability impact me? :
This vulnerability can cause system instability or crashes related to the sound card subsystem in the Linux kernel. Specifically, if IRQs are not properly cleaned up when a sound card is removed, the system may attempt to access invalid references, leading to failures or kernel crashes.
What immediate steps should I take to mitigate this vulnerability?
This vulnerability involves improper cleanup of IRQs in the Linux kernel's ASoC SDCA component, which can cause crashes due to lingering IRQ handlers referencing torn down sound card components.
To mitigate this vulnerability, update your Linux kernel to a version where this issue is fixed, as the patch removes the use of devm_request_threaded_irq() and implements manual IRQ cleanup to prevent IRQs from persisting after the sound card is torn down.