CVE Catalog

CVE-2026-43480

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel, the ASoC driver for AMD ACP3x was missing error checking for clock acquisition. The acp3x_5682_init() function did not verify the result of clk_get(), which could lead to dereferencing error pointers in rt5682_clk_enable().

Risk Assessment

Lack of error checking may result in using invalid pointers, leading to system crashes or potential security breaches due to unexpected driver behavior.

Recommendation

Apply the patch replacing clk_get() with devm_clk_get() and add IS_ERR() checks for both clock acquisitions. It is recommended to update the Linux kernel to a version containing the fix.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the return value of clk_get(), which could lead to dereferencing error pointers in rt5682_clk_enable(). Fix this by: 1. Changing clk_get() to the device-managed devm_clk_get(). 2. Adding proper IS_ERR() checks for both clock acquisitions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS