An attacker would need to cause clk_get() to fail (e.g., by removing or disabling the relevant clock device in the system) before the ASoC card initialization completes. When the system subsequently attempts to enable the clock via rt5682_clk_enable(), the unchecked error pointer from clk_get() is dereferenced, leading to a kernel crash or memory corruption. This is a local denial-of-service triggerable through clock subsystem manipulation on a system using the acp3x-rt5682-max9836 audio driver.

Affected code

The vulnerability is in the acp3x_5682_init() function within the ASoC AMD acp3x-rt5682-max9836 driver. The function calls clk_get() to acquire two clocks but does not check the return value for errors. The unchecked pointer is later passed to rt5682_clk_enable(), which dereferences it without validation.

What the fix does

The patch replaces clk_get() with devm_clk_get() so that clock resources are automatically managed and adds IS_ERR() checks after each clock acquisition. If devm_clk_get() returns an error pointer, the function now returns the error via PTR_ERR() instead of proceeding with an invalid clock reference. This prevents rt5682_clk_enable() from ever receiving an error pointer, closing the null/error-pointer dereference vulnerability.

Preconditions

inputThe attacker must be able to cause clk_get() to fail, e.g., by manipulating the clock subsystem (removing/disabling the clock device).
authLocal access is required to trigger the clock subsystem manipulation.

Generated on May 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000