PatchSiren

CVE-2026-43478 Linux CVE debrief

CVE-2026-43478 is a Linux kernel vulnerability in the ASoC rt1011 codec control path. According to the supplied record, the issue was resolved by changing rt1011_recv_spk_mode_put() to obtain the DAPM context from the component with snd_soc_component_to_dapm(), because the kcontrol path can yield a NULL pointer. In practical defensive terms, this is a kernel stability bug in audio codec handling that could lead to a NULL pointer dereference and service disruption if reached.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-13
Original CVE updated: 2026-05-13
Advisory published: 2026-05-13
Advisory updated: 2026-05-13

Who should care

Linux kernel maintainers, distro security teams, embedded Linux vendors, and operators of systems that use the rt1011 ASoC codec path should care. It is especially relevant for devices where audio stack stability matters and kernel updates are tightly managed.

Technical summary

The supplied description says rt1011_recv_spk_mode_put() used the wrong helper to retrieve the DAPM context. The correct approach is to obtain it from the component with snd_soc_component_to_dapm(), not from a kcontrol-derived pointer, because the kcontrol path may provide NULL. The bug is therefore a kernel-side pointer handling error in the ASoC codec control flow. Based on the provided corpus, the likely impact is limited to crash or instability rather than data exposure.

Defensive priority

Medium. The record does not include a CVSS score or vector, but the issue is in kernel code and can affect system availability. Kernel fixes should be prioritized for any affected builds that include the rt1011 codec path.

Recommended defensive actions

  • Apply the upstream stable kernel fix referenced in the supplied Linux kernel commit links.
  • Check whether any shipped kernel builds include the rt1011 ASoC codec path and backport the fix where needed.
  • Validate updated kernels on affected devices to confirm audio functionality and system stability.
  • Track distro or vendor advisories for backport status if you cannot move immediately to a fixed kernel release.
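
One way to run the build inventory check from the second action above, as an added example that is not part of the original advisory or the kernel project. It assumes the driver is gated by the Kconfig symbol CONFIG_SND_SOC_RT1011 and loads as the module snd_soc_rt1011; both names come from the upstream kernel tree, not from the supplied record.

```shell
#!/bin/sh
# Added example: inventory check for the rt1011 codec driver on one kernel build.
# Assumed names (upstream kernel tree, not stated on this page):
#   Kconfig symbol CONFIG_SND_SOC_RT1011, module snd_soc_rt1011.

# rt1011_config_state CONFIG_FILE -> builtin | module | absent | unknown
rt1011_config_state() {
    cfg=$1
    # An unreadable config is reported as "unknown", never as "absent".
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case "$cfg" in
        *.gz) reader="gzip -dc" ;;   # /proc/config.gz
        *)    reader="cat" ;;        # /boot/config-<release>
    esac
    # Anchor on "=" so neighbouring symbols (e.g. ..._RT1015) do not match.
    line=$($reader "$cfg" 2>/dev/null | grep '^CONFIG_SND_SOC_RT1011=' | tail -n 1)
    case "$line" in
        *=y) echo builtin ;;
        *=m) echo module ;;
        *)   echo absent ;;
    esac
}

# rt1011_module_loaded MODULES_FILE -> exit 0 if listed (/proc/modules format)
rt1011_module_loaded() {
    awk '$1 == "snd_soc_rt1011" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# rt1011_status CONFIG_FILE MODULES_FILE -> one-word triage result
rt1011_status() {
    state=$(rt1011_config_state "$1")
    if [ "$state" = module ]; then
        if rt1011_module_loaded "$2"; then
            echo module-loaded
        else
            echo module-not-loaded
        fi
    else
        echo "$state"
    fi
}

# Live check of the running kernel.
cfg="/boot/config-$(uname -r)"
[ -r "$cfg" ] || cfg=/proc/config.gz
echo "kernel $(uname -r): rt1011 driver $(rt1011_status "$cfg" /proc/modules)"
```

A result of builtin or module-loaded marks a build to prioritize for the fixed kernel; unknown means the config could not be read and the build still needs a manual check.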

Evidence notes

The supplied NVD record identifies CVE-2026-43478 with vulnStatus 'Received' and no CVSS data in the corpus. The description explicitly states the fix: use snd_soc_component_to_dapm() in rt1011_recv_spk_mode_put() because kcontrol can return NULL. Two official Linux kernel stable commit URLs are provided as source references, supporting that this is a kernel patch-level issue.

Official resources

Published and last modified on 2026-05-13 in the supplied CVE record. The corpus provides official NVD and Linux kernel stable commit references, but no CVSS score/vector.