CVE-2026-43137
Analyzed Analyzed - Analysis Complete

NULL Pointer Dereference in Linux Kernel ASoC SOF Intel HDA

Vulnerability report for CVE-2026-43137, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-06

Last updated on: 2026-05-23

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopback capture for echo reference where we use the dummy DAI link. Return the error when the widget is not set to avoid a null pointer dereference like below when the topology is broken. RIP: 0010:hda_dai_get_ops.isra.0+0x14/0xa0 [snd_sof_intel_hda_common]

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-06
Last Modified
2026-05-23
Generated
2026-07-06
AI Q&A
2026-05-06
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
intel snd_sof_intel_hda_common *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's sound subsystem related to Intel's SOF (Sound Open Firmware) for HDA (High Definition Audio). It occurs when there is a mismatch between the DAI (Digital Audio Interface) links in the machine driver and the audio topology. Specifically, if the playback or capture widget is not setβ€”such as in the case of loopback capture for echo reference using a dummy DAI linkβ€”the system may attempt to dereference a null pointer. This can lead to a crash or instability in the kernel.

The fix involves returning an error when the widget is not set, preventing the null pointer dereference and improving system stability when the topology is broken.

Impact Analysis

This vulnerability can cause the Linux kernel to crash or become unstable due to a null pointer dereference in the sound subsystem. This may result in system crashes or denial of service, particularly affecting audio playback or capture functionalities that rely on the affected Intel SOF HDA driver.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43137. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart