CVE-2026-43443
ASoC: Missing Clock Error Check in AMD ACP Machine Driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel within the ASoC amd acp-mach-common component. Specifically, the functions acp_card_rt5682_init() and acp_card_rt5682s_init() did not properly check the return values of the clk_get() function when acquiring clocks.
Because these return values were not checked, invalid pointers could be dereferenced later by clock core functions, which could cause the kernel to crash.
The fix involved changing clk_get() to the device-managed devm_clk_get() and adding error checks (using IS_ERR()) immediately after each clock acquisition to prevent invalid pointer dereferencing.
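The error-pointer convention behind this fix, shown as an added userspace example (not the kernel's or the driver's own code). `mock_clk_get()`, the clock names and `struct card_data` are hypothetical stand-ins, and `ERR_PTR`/`PTR_ERR`/`IS_ERR` are re-implemented here to mirror the kernel helpers.

```c
/* Userspace model of the kernel's error-pointer convention (added example). */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct clk { unsigned long rate; };
static struct clk fake_wclk = { 48000 };   /* constructed sample clock */

/* Hypothetical stand-in for clk_get()/devm_clk_get(): only "wclk" exists. */
static struct clk *mock_clk_get(const char *id)
{
    if (strcmp(id, "wclk") == 0)
        return &fake_wclk;
    return ERR_PTR(-ENOENT);   /* failure is an encoded errno, not NULL */
}

struct card_data { struct clk *wclk, *bclk; };

/* Init in the fixed shape: check each clock right after acquiring it. */
static int card_init_checked(struct card_data *d, const char *wclk_id, const char *bclk_id)
{
    d->wclk = mock_clk_get(wclk_id);
    if (IS_ERR(d->wclk))
        return (int)PTR_ERR(d->wclk);
    d->bclk = mock_clk_get(bclk_id);
    if (IS_ERR(d->bclk))
        return (int)PTR_ERR(d->bclk);
    return 0;
}

/* A NULL test alone would let the error pointer through to later users. */
static int null_check_misses_error(const char *id)
{
    struct clk *c = mock_clk_get(id);
    return c != NULL && IS_ERR(c);
}

int main(void)
{
    struct card_data d = { 0 };
    return card_init_checked(&d, "wclk", "wclk") == 0 ? 0 : 1;
}
```

The failed lookup returns a non-NULL value near the top of the address space, which is why the check has to be `IS_ERR()` and has to come before the pointer is stored for later use.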
How can this vulnerability impact me?
This vulnerability can lead to a kernel crash due to dereferencing invalid pointers when clock acquisition fails and the error is not properly handled.
A kernel crash can cause system instability, downtime, and potential loss of data or service availability.
What immediate steps should I take to mitigate this vulnerability?
This vulnerability is caused by missing error checks in the Linux kernel's ASoC amd acp-mach-common driver, specifically in the acp_card_rt5682_init() and acp_card_rt5682s_init() functions.
To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix. The fix involves changing clk_get() calls to device-managed devm_clk_get() and adding IS_ERR() checks immediately after each clock acquisition to prevent kernel crashes.