CVE-2026-43480

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition

The acp3x_5682_init() function did not check the return value of clk_get(), which could lead to dereferencing error pointers in rt5682_clk_enable().

Fix this by:

  1. Changing clk_get() to the device-managed devm_clk_get().
  2. Adding proper IS_ERR() checks for both clock acquisitions.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6b8e4e7db3cd236a2cbb720360fb135087a2ac1d < 2dc43ac8da7b2bebc5a51a3d86a6275d78f27cffaffected
LinuxLinux6b8e4e7db3cd236a2cbb720360fb135087a2ac1d < 4d802f23fcbfec05134653fd001f6c7c3fd55196affected
LinuxLinux6b8e4e7db3cd236a2cbb720360fb135087a2ac1d < 2b0c4a399c8d27f20ecf17dda76751141d6dbb59affected
LinuxLinux6b8e4e7db3cd236a2cbb720360fb135087a2ac1d < 35c7624d30cb45ec336cd16ce072acc32ae351cbaffected
LinuxLinux6b8e4e7db3cd236a2cbb720360fb135087a2ac1d < 33de168afdd57265a0e0c20dbd3648a2d8f7cdc4affected
LinuxLinux6b8e4e7db3cd236a2cbb720360fb135087a2ac1d < 790851ecc983c719fa2e6adb17b02f3acc1d217daffected
LinuxLinux6b8e4e7db3cd236a2cbb720360fb135087a2ac1d < 092522621901b5e6af61db04a53f5b313903c6d0affected
LinuxLinux6b8e4e7db3cd236a2cbb720360fb135087a2ac1d < 53f3a900e9a383d47af7253076e19f510c5708d0affected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux5.10.253 <= 5.10.*unaffected
LinuxLinux5.15.203 <= 5.15.*unaffected
LinuxLinux6.1.167 <= 6.1.*unaffected
LinuxLinux6.6.130 <= 6.6.*unaffected
LinuxLinux6.12.78 <= 6.12.*unaffected
LinuxLinux6.18.19 <= 6.18.*unaffected
LinuxLinux6.19.9 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References