Linux Kernel ASoC Vulnerability in Sound Card Management
CVE-2026-43095

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43095?

A vulnerability exists in the Linux kernel's ASoC (ALSA System on Chip) subsystem that can lead to improper management of IRQs (Interrupt Requests) during sound card operations. When the sound card is decommissioned, the IRQs can continue to persist, resulting in potential crashes due to lingering references to the sound card and its controls. This issue has been addressed by modifying the IRQ request handling to avoid using devm (device management) outside of bus probing. The updated implementation ensures that IRQs are registered more safely, thereby enhancing the stability and reliability of sound card management in the Linux kernel.

Affected Version(s)

Linux b126394d9ec6f9d8322cf392ba23d4a5f96faf5a

Linux b126394d9ec6f9d8322cf392ba23d4a5f96faf5a < 4e53116437e919c4b9a9d95fb73ae14fe0cfc8f9

Linux 6.17

References

https://git.kernel.org/stable/c/b022da127bd9d2217e8f285e6...

https://git.kernel.org/stable/c/4e53116437e919c4b9a9d95fb...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43095 Data

JSON