CVE-2026-43443

MEDIUM EPSS 1.4%
Published May 8, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 8, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acp_card_rt5682_init() and acp_card_rt5682s_init() functions did not check the return values of clk_get(). This could lead to a kernel crash when the invalid pointers are later dereferenced by clock core functions. Fix this by: 1. Changing clk_get() to the device-managed devm_clk_get(). 2. Adding IS_ERR() checks immediately after each clock acquisition.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥5.16  –  <6.19.9
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 2

  • git.kernel.org https://git.kernel.org/stable/c/0cee68fb7f4cf1562e067c5a82d25062a973b0d0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/30c64fb9839949f085c8eb55b979cbd8a4c51f00
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0cee68fb7f4cf1562e067c5a82d25062a973b0d0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/30c64fb9839949f085c8eb55b979cbd8a4c51f00
    Patch