Linux Kernel ACP3X RT5682 MAX9836 Clock Acquisition Error Check Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's ACP3X RT5682 MAX9836 audio driver. The issue arises because the 'acp3x_5682_init()' function fails to verify the return value of 'clk_get()', potentially leading to the dereferencing of error pointers in 'rt5682_clk_enable()'. This vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability could cause a null pointer dereference, leading to a crash or undefined behavior in the audio driver.

Reproduction

To reproduce this vulnerability, load the ACP3X RT5682 MAX9836 audio driver without the error checks for clock acquisition. The driver will attempt to use clock resources without confirming their availability, which can result in dereferencing invalid pointers.

Remediation

The vulnerability has been addressed by modifying the driver to use 'devm_clk_get()', a device-managed function that automatically handles clock resource management. Additionally, proper error checks have been implemented for both clock acquisitions.
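The error checks described above, modelled in userspace C as an added example (this is not the kernel patch or the driver's own code). It re-creates the kernel's error-pointer convention to show that a failed clock lookup yields a non-NULL error pointer that an unchecked init silently keeps. 'struct card', 'mock_clk_get()' and the clock names 'wclk'/'bclk' are assumptions, and the device-managed release that 'devm_clk_get()' adds is not modelled.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace re-creation of the kernel's error-pointer encoding. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct clk { int enable_count; };
struct card { struct clk *wclk, *bclk; };   /* hypothetical driver state */

/* Hypothetical lookup: only "wclk" exists. A miss returns -ENOENT encoded
 * as an error pointer (not NULL), the way a failed clock lookup reports. */
static struct clk *mock_clk_get(const char *id)
{
    static struct clk wclk_hw;              /* constructed sample clock */
    return strcmp(id, "wclk") == 0 ? &wclk_hw : ERR_PTR(-ENOENT);
}

/* Before: results are stored unchecked and init reports success. */
static int init_unchecked(struct card *c)
{
    c->wclk = mock_clk_get("wclk");
    c->bclk = mock_clk_get("bclk");
    return 0;
}

/* After: each acquisition is checked and its errno is propagated. */
static int init_checked(struct card *c)
{
    c->wclk = mock_clk_get("wclk");
    if (IS_ERR(c->wclk))
        return (int)PTR_ERR(c->wclk);
    c->bclk = mock_clk_get("bclk");
    if (IS_ERR(c->bclk))
        return (int)PTR_ERR(c->bclk);
    return 0;
}

int main(void)
{
    struct card a = {0}, b = {0};
    int ra = init_unchecked(&a), rb = init_checked(&b);
    printf("unchecked: ret=%d, bclk IS_ERR=%d, bclk is NULL=%d\n",
           ra, IS_ERR(a.bclk), a.bclk == NULL);
    printf("checked:   ret=%d\n", rb);
    return 0;
}
```

Because the stored value is an error pointer rather than NULL, a later 'if (!clk)' guard in the enable path would not catch it; only the 'IS_ERR()' check at acquisition time does.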

Added: May 13, 2026, 5:35 PM
Updated: May 13, 2026, 5:35 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 8.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.