CVE Catalog

CVE-2026-43478

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile - higher than 1% of all known CVEs

Summary

In the Linux kernel, in the RT1011 audio codec driver, a vulnerability was found where the rt1011_recv_spk_mode_put() function uses an incorrect method to retrieve the DAPM context, leading to a NULL pointer dereference.

Risk Assessment

An attacker could exploit this vulnerability to cause a kernel panic or potentially escalate privileges by intentionally triggering the function with a kcontrol that passes NULL.

Recommendation

Immediately update the Linux kernel to a version containing the fix that replaces the snd_soc_kcontrol_to_dapm() call with the correct snd_soc_component_to_dapm().

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in rt1011_recv_spk_mode_put() to retrieve the DAPM context is snd_soc_component_to_dapm(), from kcontrol we will receive NULL pointer.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS