Description
In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda: Fix NULL pointer dereference

If there's a mismatch between the DAI links in the machine driver and
the topology, it is possible that the playback/capture widget is not
set, especially in the case of loopback capture for echo reference
where we use the dummy DAI link. Return the error when the widget is not
set to avoid a null pointer dereference like below when the topology is
broken.

RIP: 0010:hda_dai_get_ops.isra.0+0x14/0xa0 [snd_sof_intel_hda_common]
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a null pointer dereference in the Linux kernel’s ASoC SOF Intel HDA driver (CWE‑476, CWE‑824). When the Digital Audio Interface (DAI) links defined in a machine driver do not match those used by the topology—particularly during loopback capture for echo reference—the code attempts to access a widget that may not be set. This causes a null pointer dereference in hda_dai_get_ops, leading to a kernel crash and a loss of system availability. The attack does not leak information but can cause severe disruption if exploited.

Affected Systems

All Linux kernel releases that include the Intel SOF HDA driver without the patch from commit 10411f1f2c76be67103b1f95822ff629aa25e2aa. The vulnerability is present in kernel versions that provide the SOF audio driver for Intel hardware until the fix is applied. The specific audio subsystem is part of the ASoC architecture within the Linux kernel.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score is < 1%, indicating a low but non‑zero exploitation probability. The vulnerability is not listed in CISA’s KEV catalog, so exploitation likelihood is uncertain. However, the flaw can lead to a kernel crash. The likely attack vector, inferred from the description, is local or during system boot when the topology is initialized; an attacker who can influence the machine driver or topology configuration could trigger the crash, resulting in a denial of service. Because the code now returns an error instead of dereferencing a null pointer, the impact is mitigated only after the patch is deployed.

Generated by OpenCVE AI on May 12, 2026 at 23:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that includes the commit referenced in the advisory, or back‑port the fix to the running kernel. This ensures the NULL pointer check is enforced during DAI link validation.
  • Verify that the DAI link definitions in each machine driver match the corresponding topology entries; mismatches should be corrected to prevent the situation that triggers the crash.
  • If an immediate kernel upgrade is not possible, disable or bypass the SOF HDA audio driver modules on impacted systems to avoid the crash until the patch can be applied.

Generated by OpenCVE AI on May 12, 2026 at 23:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 11:45:00 +0000

Type Values Removed Values Added
References

Tue, 12 May 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 07 May 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-824
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 06 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopback capture for echo reference where we use the dummy DAI link. Return the error when the widget is not set to avoid a null pointer dereference like below when the topology is broken. RIP: 0010:hda_dai_get_ops.isra.0+0x14/0xa0 [snd_sof_intel_hda_common]
Title ASoC: SOF: Intel: hda: Fix NULL pointer dereference
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T11:25:56.128Z

Reserved: 2026-05-01T14:12:55.988Z

Link: CVE-2026-43137

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2026-05-06T12:16:31.007

Modified: 2026-05-23T12:17:02.107

Link: CVE-2026-43137

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43137 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T00:00:17Z

Weaknesses