CVE-2026-43443
Analyzed Analyzed - Analysis Complete
ASoC: Missing Clock Error Check in AMD ACP Machine Driver

Publication date: 2026-05-08

Last updated on: 2026-05-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acp_card_rt5682_init() and acp_card_rt5682s_init() functions did not check the return values of clk_get(). This could lead to a kernel crash when the invalid pointers are later dereferenced by clock core functions. Fix this by: 1. Changing clk_get() to the device-managed devm_clk_get(). 2. Adding IS_ERR() checks immediately after each clock acquisition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-21
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43443
EUVD
EUVD-2026-28749
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.16 (inc) to 6.19.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel within the ASoC amd acp-mach-common component. Specifically, the functions acp_card_rt5682_init() and acp_card_rt5682s_init() did not properly check the return values of the clk_get() function when acquiring clocks.

Because these return values were not checked, invalid pointers could be dereferenced later by clock core functions, which could cause the kernel to crash.

The fix involved changing clk_get() to the device-managed devm_clk_get() and adding error checks (using IS_ERR()) immediately after each clock acquisition to prevent invalid pointer dereferencing.

Impact Analysis

This vulnerability can lead to a kernel crash due to dereferencing invalid pointers when clock acquisition fails and the error is not properly handled.

A kernel crash can cause system instability, downtime, and potential loss of data or service availability.

Mitigation Strategies

This vulnerability is caused by missing error checks in the Linux kernel's ASoC amd acp-mach-common driver, specifically in the acp_card_rt5682_init() and acp_card_rt5682s_init() functions.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix. The fix involves changing clk_get() calls to device-managed devm_clk_get() and adding IS_ERR() checks immediately after each clock acquisition to prevent kernel crashes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43443. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart