7.1

CVE-2026-23318

ALSA: usb-audio: Use correct version for UAC3 header validation

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Use correct version for UAC3 header validation

The entry of the validators table for UAC3 AC header descriptor is
defined with the wrong protocol version UAC_VERSION_2, while it should
have been UAC_VERSION_3.  This results in the validator never matching
for actual UAC3 devices (protocol == UAC_VERSION_3), causing their
header descriptors to bypass validation entirely.  A malicious USB
device presenting a truncated UAC3 header could exploit this to cause
out-of-bounds reads when the driver later accesses unvalidated
descriptor fields.

The bug was introduced in the same commit as the recently fixed UAC3
feature unit sub-type typo, and appears to be from the same copy-paste
error when the UAC3 section was created from the UAC2 section.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.84 < 4.20
LinuxLinux Kernel Version >= 5.3.11 < 5.4
LinuxLinux Kernel Version >= 5.4.1 < 5.10.253
LinuxLinux Kernel Version >= 5.11 < 5.15.203
LinuxLinux Kernel Version >= 5.16 < 6.1.167
LinuxLinux Kernel Version >= 6.2 < 6.6.130
LinuxLinux Kernel Version >= 6.7 < 6.12.77
LinuxLinux Kernel Version >= 6.13 < 6.18.17
LinuxLinux Kernel Version >= 6.19 < 6.19.7
LinuxLinux Kernel Version5.4 Update-
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.03
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/0dcd1ed96c03459cf14706885c9dd3c1fd8bd29f
Patch
https://git.kernel.org/stable/c/a0c6ae2ea84528f198bf7fd0117f12fd0cf6d7cc
Patch
https://git.kernel.org/stable/c/d3904ca40515272681ae61ad6f561c24f190957f
Patch
https://git.kernel.org/stable/c/1e5753ff4c2e86aa88516f97a224c90a3d0b133e
Patch
https://git.kernel.org/stable/c/499ffd15b00dc91ac95c28f76959dfb5cdcc84d5
Patch
https://git.kernel.org/stable/c/54f9d645a5453d0bfece0c465d34aaf072ea99fa
Patch
https://git.kernel.org/stable/c/82a7d0a1b88798de1a609130080ce0c65dd869e9
Patch
https://git.kernel.org/stable/c/8307d93e63d5f54ef10412d4db2dd551e920dee4
Patch