DEBIAN-CVE-2026-43412

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. On ADSP stop, the q6apm-audio .remove callback unloads topology and removes PCM runtimes during ASoC teardown. This deletes the RTDs that contain the q6apm DAI components before their removal pass runs, leaving those components still linked to the card and causing crashes on the next rebind. Fix this by ensuring that all dependent (child) components are removed first, and the q6apm component is removed last. [ 48.105720] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 [ 48.114763] Mem abort info: [ 48.117650] ESR = 0x0000000096000004 [ 48.121526] EC = 0x25: DABT (current EL), IL = 32 bits [ 48.127010] SET = 0, FnV = 0 [ 48.130172] EA = 0, S1PTW = 0 [ 48.133415] FSC = 0x04: level 0 translation fault [ 48.138446] Data abort info: [ 48.141422] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 48.147079] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 48.152354] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 48.157859] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001173cf000 [ 48.164517] [00000000000000d0] pgd=0000000000000000, p4d=0000000000000000 [ 48.171530] Internal error: Oops: 0000000096000004 [#1] SMP [ 48.177348] Modules linked in: q6prmclocks q6apmlpassdais q6apmdai sndq6dspcommon q6prm sndq6apm 8021q garp mrp stp llc sndsochdmicodec apr pdrinterface phyqcomedp fastrpc qcompdmapper rpmsgctrl qrtrsmd rpmsgchar qcompdrmsg qcomiris v4l2mem2mem videobuf2dmacontig ath11kpci msm ubwcconfig at24 ath11k videobuf2memops mac80211 ocmem videobuf2v4l2 libarc4 drmgpuvm mhi qrtr videodev drmexec sndsocsc8280xp gpusched videobuf2common nvmemqcomspmisdam sndsocqcomsdw drmdpauxbus qcomq6v5pas qcomspmitempalarm sndsocqcomcommon rtcpm8xxx qcompon drmdisplayhelper cec qcompilinfo qcomstats soundwirebus drmclientlib mc dispcc0sa8775p videoccsa8775p qcomq6v5 camccsa8775p sndsocdmic phyqcomsgmiieth sndsocmax98357a i2cqcomgeni sndsoccore dwmacqcomethqos llccqcom iccbwmon qcomsysmon sndcompress qcomrefgenregulator coresightstm stmmacplatform sndpcmdmaengine qcomcommon coresighttmc stmmac coresightreplicator qcomglinksmem coresightcti stmcore [ 48.177444] coresightfunnel sndpcm ufsqcom phyqcomqmpusb gpi phyqcomsnpsfemtov2 coresight phyqcomqmpufs qcomwdt gpuccsa8775p pcsxpcs mdtloader qcomice iccosml3 qmihelpers sndtimer snd soundcore displayconnector qcomrng nvmemrebootmode drmkmshelper phyqcomqmppcie sha256 cfg80211 rfkill socinfo fuse drm backlight ipv6 [ 48.301059] CPU: 2 UID: 0 PID: 293 Comm: kworker/u32:2 Not tainted 6.19.0-rc6-dirty #10 PREEMPT [ 48.310081] Hardware name: Qualcomm Technologies, Inc. Lemans EVK (DT) [ 48.316782] Workqueue: pdrnotifierwq pdrnotifierwork [pdrinterface] [ 48.323672] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 48.330825] pc : mutexlock+0xc/0x54 [ 48.334514] lr : socdapmshutdowndapm+0x44/0x174 [sndsoc_core] [ 48.340794] sp : ffff800084ddb7b0 [ 48.344207] x29: ffff800084ddb7b0 x28: ffff00009cd9cf30 x27: ffff00009cd9cc00 [ 48.351544] x26: ffff000099610190 x25: ffffa31d2f19c810 x24: ffffa31d2f185098 [ 48.358869] x23: ffff800084ddb7f8 x22: 0000000000000000 x21: 00000000000000d0 [ 48.366198] x20: ffff00009ba6c338 x19: ffff00009ba6c338 x18: 00000000ffffffff [ 48.373528] x17: 000000040044ffff x16: ffffa31d4ae6dca8 x15: 072007740775076f [ 48.380853] x14: 0765076d07690774 x13: 00313a323a656369 x12: 767265733a637673 [ 48.388182] x11: 00000000000003f9 x10: ffffa31d4c7dea98 x9 : 0000000000000001 [ 48.395519] x8 : ffff00009a2aadc0 x7 : 0000000000000003 x6 : 0000000000000000 [ 48.402854] x5 : 0000000000000 ---truncated---