CVE-2026-43480

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the return value of clk_get(), which could lead to dereferencing error pointers in rt5682_clk_enable(). Fix this by: 1. Changing clk_get() to the device-managed devm_clk_get(). 2. Adding proper IS_ERR() checks for both clock acquisitions.

Package Linux Kernel
Published 2026-05-13
Last modified 2026-05-22
Patch available
Yes

Affected versions

Linux kernel versions 5.7 and later are affected. Fixed in 5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0 and their respective stable series.

Affected from
≥ 5.7
Fixed in
✓ 5.10.253 5.10.x ✓ 5.15.203 5.15.x ✓ 6.1.167 6.1.x ✓ 6.6.130 6.6.x ✓ 6.12.78 6.12.x ✓ 6.18.19 6.18.x ✓ 6.19.9 6.19.x ✓ 7.0

References

The following references provide additional information about CVE-2026-43480 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

8 patch commits total View all on NVD

Frequently asked questions

  • What is CVE-2026-43480?

    CVE-2026-43480 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.7 onward and has been patched in 5.10.253, 5.15.203, 6.1.167 and others. CVE-2026-43480 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2026-43480?

    Yes — CVE-2026-43480 has been patched. Fixed versions include 5.10.253, 5.15.203, 6.1.167 and others. If you are running Linux kernel 5.7 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2026-43480 actively exploited?

    No — CVE-2026-43480 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

Back to
All CVEs
View on
NVD / NIST