What is GHSA-xx4x-7c38-rpq3?

GHSA-xx4x-7c38-rpq3 is a security advisory published by GitHub Security Advisories with Medium severity. In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common:...

Which CVE IDs does GHSA-xx4x-7c38-rpq3 cover?

GHSA-xx4x-7c38-rpq3 covers the following CVE IDs: CVE-2026-43443. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-xx4x-7c38-rpq3?

GHSA-xx4x-7c38-rpq3 has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-xx4x-7c38-rpq3MediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common:...

Vendor

GitHub Security Advisories

Published

May 8, 2026

Last Modified

May 21, 2026

🔗 CVE IDs covered (1)

CVE-2026-43443 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: amd: acp-mach-common: Add missing error check for clock acquisition

The acp_card_rt5682_init() and acp_card_rt5682s_init() functions did not check the return values of clk_get(). This could lead to a kernel crash when the invalid pointers are later dereferenced by clock core functions.

Fix this by:

Changing clk_get() to the device-managed devm_clk_get().
Adding IS_ERR() checks immediately after each clock acquisition.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-43443
https://git.kernel.org/stable/c/0cee68fb7f4cf1562e067c5a82d25062a973b0d0
https://git.kernel.org/stable/c/30c64fb9839949f085c8eb55b979cbd8a4c51f00
https://github.com/advisories/GHSA-xx4x-7c38-rpq3