CVE-2026-43443
Analyzed Analyzed - Analysis Complete

ASoC: Missing Clock Error Check in AMD ACP Machine Driver

Vulnerability report for CVE-2026-43443, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-08

Last updated on: 2026-05-21

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acp_card_rt5682_init() and acp_card_rt5682s_init() functions did not check the return values of clk_get(). This could lead to a kernel crash when the invalid pointers are later dereferenced by clock core functions. Fix this by: 1. Changing clk_get() to the device-managed devm_clk_get(). 2. Adding IS_ERR() checks immediately after each clock acquisition.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-08
Last Modified
2026-05-21
Generated
2026-07-09
AI Q&A
2026-05-08
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.16 (inc) to 6.19.9 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel within the ASoC amd acp-mach-common component. Specifically, the functions acp_card_rt5682_init() and acp_card_rt5682s_init() did not properly check the return values of the clk_get() function when acquiring clocks.

Because these return values were not checked, invalid pointers could be dereferenced later by clock core functions, which could cause the kernel to crash.

The fix involved changing clk_get() to the device-managed devm_clk_get() and adding error checks (using IS_ERR()) immediately after each clock acquisition to prevent invalid pointer dereferencing.

Impact Analysis

This vulnerability can lead to a kernel crash due to dereferencing invalid pointers when clock acquisition fails and the error is not properly handled.

A kernel crash can cause system instability, downtime, and potential loss of data or service availability.

Mitigation Strategies

This vulnerability is caused by missing error checks in the Linux kernel's ASoC amd acp-mach-common driver, specifically in the acp_card_rt5682_init() and acp_card_rt5682s_init() functions.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix. The fix involves changing clk_get() calls to device-managed devm_clk_get() and adding IS_ERR() checks immediately after each clock acquisition to prevent kernel crashes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43443. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart