Description
In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put

The correct helper to use in rt1011_recv_spk_mode_put() to retrieve the
DAPM context is snd_soc_component_to_dapm(), from kcontrol we will
receive NULL pointer.
Published: 2026-05-13
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s ASoC rt1011 codec driver contains an error where the spk_mode_put() control mode uses an incorrect helper to retrieve the DAPM context, resulting in a NULL pointer being dereferenced. This flaw can trigger a kernel crash or denial of service when a user triggers the offending control path. The vulnerability does not grant direct code execution, but it can disrupt system availability if exploited.

Affected Systems

All Linux kernel versions that include the rt1011 codec driver and have not yet applied the fix. The exact affected versions are not recorded in the CVE data, so any kernel lacking the patch is potentially vulnerable whenever the rt1011 codec is loaded.

Risk and Exploitability

EPSS data is not available and the flaw is not listed in the CISA KEV catalog, indicating no known public exploits to date. The attack vector is inferred to be local, requiring the ability to interact with the rt1011 driver (e.g., through user‑space control interfaces or a custom kernel module). An attacker would likely need at least root or the capability to load the driver, after which the vulnerable function could be triggered to cause a denial of service. The CVSS score of 5.5 indicates medium severity, reflecting the risk of a kernel panic but limited exploitability beyond the local context.

Generated by OpenCVE AI on May 14, 2026 at 13:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Linux kernel that incorporates the rt1011 driver fix
  • If an immediate patch is unavailable, disable or remove the rt1011 codec driver from the system configuration
  • Monitor system logs for kernel panics or related error messages to confirm the vulnerability has been addressed

Generated by OpenCVE AI on May 14, 2026 at 13:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 13 May 2026 18:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in rt1011_recv_spk_mode_put() to retrieve the DAPM context is snd_soc_component_to_dapm(), from kcontrol we will receive NULL pointer.
Title ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-13T15:08:27.352Z

Reserved: 2026-05-01T14:12:56.012Z

Link: CVE-2026-43478

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-13T16:16:50.940

Modified: 2026-05-13T16:16:50.940

Link: CVE-2026-43478

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-13T00:00:00Z

Links: CVE-2026-43478 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T13:30:06Z

Weaknesses