CVE-2026-43480
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
In the Linux kernel, the ASoC driver for AMD ACP3x was missing error checking for clock acquisition. The acp3x_5682_init() function did not verify the result of clk_get(), which could lead to dereferencing error pointers in rt5682_clk_enable().
Risk Assessment
Lack of error checking may result in using invalid pointers, leading to system crashes or potential security breaches due to unexpected driver behavior.
Recommendation
Apply the patch replacing clk_get() with devm_clk_get() and add IS_ERR() checks for both clock acquisitions. It is recommended to update the Linux kernel to a version containing the fix.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the return value of clk_get(), which could lead to dereferencing error pointers in rt5682_clk_enable(). Fix this by: 1. Changing clk_get() to the device-managed devm_clk_get(). 2. Adding proper IS_ERR() checks for both clock acquisitions.

