Skip to main content

Linux Kernel CVE-2026-43443

| EUVDEUVD-2026-28749 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-08 Linux GHSA-xx4x-7c38-rpq3
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 21, 2026 - 17:22 vuln.today
CVSS changed
May 21, 2026 - 17:22 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:22 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ASoC: amd: acp-mach-common: Add missing error check for clock acquisition

The acp_card_rt5682_init() and acp_card_rt5682s_init() functions did not check the return values of clk_get(). This could lead to a kernel crash when the invalid pointers are later dereferenced by clock core functions.

Fix this by:

  1. Changing clk_get() to the device-managed devm_clk_get().
  2. Adding IS_ERR() checks immediately after each clock acquisition.

AnalysisAI

Null pointer dereference in the Linux kernel's ASoC AMD ACP machine-common driver can be triggered by a local authenticated user to crash the kernel, resulting in a denial of service. The functions acp_card_rt5682_init() and acp_card_rt5682s_init() in sound/soc/amd/acp/acp-mach-common.c fail to validate the return value of clk_get(), allowing an invalid error pointer to be dereferenced by downstream clock core functions. No public exploit code exists and no active exploitation has been confirmed; EPSS probability stands at 0.02% (5th percentile), reflecting very low real-world exploitation likelihood.

Technical ContextAI

The affected code resides in the ASoC (ALSA System on Chip) subsystem of the Linux kernel, specifically the AMD ACP (Audio Coprocessor) machine driver targeting rt5682/rt5682s audio codecs, common on AMD Ryzen/EPYC platforms. CWE-476 (NULL Pointer Dereference) is the root cause class: clk_get() can return an ERR_PTR value on failure, but without an IS_ERR() guard the returned invalid pointer is passed to clock framework functions, causing a kernel NULL/invalid-pointer dereference and panic. The fix converts clk_get() calls to device-managed devm_clk_get() and adds proper IS_ERR() checks, ensuring the driver fails gracefully rather than crashing. Affected CPE: cpe:2.3:a:linux:linux (kernel versions from commit d4c750f2c7d4 through stable branches targeting 6.19.9 and 7.0). The vulnerability was introduced in Linux 5.16 when AMD ACP rt5682 support was added.

RemediationAI

The vendor-released patch is available in Linux 6.19.9 and Linux 7.0, delivered via two stable-tree commits: https://git.kernel.org/stable/c/0cee68fb7f4cf1562e067c5a82d25062a973b0d0 and https://git.kernel.org/stable/c/30c64fb9839949f085c8eb55b979cbd8a4c51f00. Administrators should update to Linux kernel 6.19.9 or later (6.x stable) or 7.0+ (mainline). For systems that cannot be patched immediately, a viable compensating control is to blacklist or unload the snd-soc-amd-acp-common kernel module (modprobe -r snd_soc_amd_acp) if AMD ACP audio is not required - this prevents the vulnerable code path from executing entirely, at the cost of disabling onboard AMD audio. Disabling the module has no security side effects beyond loss of audio functionality on AMD ACP-equipped hardware. Distribution vendors (Debian, Ubuntu, RHEL, SUSE, Arch) are expected to backport these commits into their respective stable kernel packages; check distribution errata for specific package versions.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43443 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy