Skip to main content

Linux Kernel CVE-2026-43478

| EUVDEUVD-2026-30014 MEDIUM
2026-05-13 Linux GHSA-vg95-jfx5-wh3m
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local ALSA interface access with low-privilege suffices; hardware specificity does not raise AC; only kernel availability impacted via NULL deref crash.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 26, 2026 - 22:31 vuln.today
CVSS changed
Jun 26, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
May 13, 2026 - 16:33 EUVD
CVE Published
May 13, 2026 - 15:08 nvd
MEDIUM 5.5
CVE Published
May 13, 2026 - 15:08 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put

The correct helper to use in rt1011_recv_spk_mode_put() to retrieve the DAPM context is snd_soc_component_to_dapm(), from kcontrol we will receive NULL pointer.

AnalysisAI

NULL pointer dereference in the Linux kernel's RT1011 ASoC codec driver allows a local, low-privileged user to crash the kernel on systems equipped with Realtek RT1011 smart speaker amplifier hardware. The flaw in rt1011_recv_spk_mode_put() uses an incorrect helper to retrieve the DAPM (Dynamic Audio Power Management) context from a kcontrol object, yielding a NULL pointer that is subsequently dereferenced, triggering a kernel oops or panic. No public exploit is identified and EPSS of 0.02% (5th percentile) reflects negligible real-world exploitation probability, though vendor-confirmed patches are available in Linux 6.19.9 and 7.0.

Technical ContextAI

The vulnerability resides in the ASoC (ALSA System on Chip) subsystem of the Linux kernel, specifically within the Realtek RT1011 smart speaker amplifier codec driver. DAPM (Dynamic Audio Power Management) is the kernel framework responsible for managing power state transitions in audio pipelines. In rt1011_recv_spk_mode_put(), the code incorrectly attempts to retrieve the DAPM context by traversing through the kcontrol object rather than using the correct snd_soc_component_to_dapm() helper operating on the component. The kcontrol-based path returns NULL in this context, and the subsequent dereference causes a kernel fault. While no CWE is formally assigned, this is consistent with CWE-476 (NULL Pointer Dereference). Affected CPE is cpe:2.3:a:linux:linux covering the commit range from 5b35bb517f27fc2401ec3cfd8c02a127627a0188 to the fix commits. Only systems with RT1011 hardware instantiating this codec driver are affected.

RemediationAI

The primary fix is upgrading to Linux kernel 6.19.9 or Linux 7.0, which incorporate the upstream patches at commits b10b2b15b45923ff2807eeb034d91a39b0a3e690 and 30e4b2290cc2a8d1b9ddb9dcb9c981df1f2a7399 - both available at https://git.kernel.org/stable/c/. The fix replaces the incorrect kcontrol-based DAPM context retrieval with the correct snd_soc_component_to_dapm() call. On unpatched systems, a compensating control is to restrict local user access to ALSA sound controls via tightened permissions on /dev/snd device nodes or enforcing an AppArmor or SELinux policy that denies unprivileged users write access to mixer controls; note this trade-off prevents legitimate audio control by non-root users. Distribution-specific stable kernels (RHEL, Debian, Ubuntu) should be monitored for backported patches incorporating these commits.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-43478 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy