7.8

CVE-2026-23078

ALSA: scarlett2: Fix buffer overflow in config retrieval

In the Linux kernel, the following vulnerability has been resolved:

ALSA: scarlett2: Fix buffer overflow in config retrieval

The scarlett2_usb_get_config() function has a logic error in the
endianness conversion code that can cause buffer overflows when
count > 1.

The code checks `if (size == 2)` where `size` is the total buffer size in
bytes, then loops `count` times treating each element as u16 (2 bytes).
This causes the loop to access `count * 2` bytes when the buffer only
has `size` bytes allocated.

Fix by checking the element size (config_item->size) instead of the
total buffer size. This ensures the endianness conversion matches the
actual element type.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.14 < 5.15.199
LinuxLinux Kernel Version >= 5.16 < 6.1.162
LinuxLinux Kernel Version >= 6.2 < 6.6.122
LinuxLinux Kernel Version >= 6.7 < 6.12.68
LinuxLinux Kernel Version >= 6.13 < 6.18.8
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.039
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/91a756d22f0482eac5bedb113c8922f90b254449
Patch
https://git.kernel.org/stable/c/27049f50be9f5ae3a62d272128ce0b381cb26a24
Patch
https://git.kernel.org/stable/c/31a3eba5c265a763260976674a22851e83128f6d
Patch
https://git.kernel.org/stable/c/6f5c69f72e50d51be3a8c028ae7eda42c82902cb
Patch
https://git.kernel.org/stable/c/51049f6e3f05d70660e2458ad3bb302a3721b751
Patch
https://git.kernel.org/stable/c/d5e80d1f97ae55bcea1426f551e4419245b41b9c
Patch