In the Linux kernel, the following vulnerability has been resolved:
ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition
The acp3x_5682_init() function did not check the return value of
clk_get(), which could lead to dereferencing error pointers in
rt5682_clk_enable().
Fix this by:
1. Changing clk_get() to the device-managed devm_clk_get().
2. Adding proper IS_ERR() checks for both clock acquisitions.
| Score | Percentile |
|---|---|
| 0.11% | 1.78% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 5.5 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-c9x8-fmgr-c724 ↗ |
| CVE | CVE-2026-43480 ↗ |
| CWE id | Name |
|---|---|
| CWE-476 | NULL Pointer Dereference |