CVE-2026-43137
NULL Pointer Dereference in Linux Kernel ASoC SOF Intel HDA
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | snd_sof_intel_hda_common | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's sound subsystem related to Intel's SOF (Sound Open Firmware) for HDA (High Definition Audio). It occurs when there is a mismatch between the DAI (Digital Audio Interface) links in the machine driver and the audio topology. Specifically, if the playback or capture widget is not setβsuch as in the case of loopback capture for echo reference using a dummy DAI linkβthe system may attempt to dereference a null pointer. This can lead to a crash or instability in the kernel.
The fix involves returning an error when the widget is not set, preventing the null pointer dereference and improving system stability when the topology is broken.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash or become unstable due to a null pointer dereference in the sound subsystem. This may result in system crashes or denial of service, particularly affecting audio playback or capture functionalities that rely on the affected Intel SOF HDA driver.