7.1

CVE-2026-23318

EPSS 0.02%
Veröffentlicht 25.03.2026 10:27:12
Zuletzt bearbeitet 23.04.2026 21:05:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ALSA: usb-audio: Use correct version for UAC3 header validation

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Use correct version for UAC3 header validation

The entry of the validators table for UAC3 AC header descriptor is
defined with the wrong protocol version UAC_VERSION_2, while it should
have been UAC_VERSION_3.  This results in the validator never matching
for actual UAC3 devices (protocol == UAC_VERSION_3), causing their
header descriptors to bypass validation entirely.  A malicious USB
device presenting a truncated UAC3 header could exploit this to cause
out-of-bounds reads when the driver later accesses unvalidated
descriptor fields.

The bug was introduced in the same commit as the recently fixed UAC3
feature unit sub-type typo, and appears to be from the same copy-paste
error when the UAC3 section was created from the UAC2 section.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

NVD 17 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.19.84 < 4.20

Linux ≫ Linux Kernel Version >= 5.3.11 < 5.4

Linux ≫ Linux Kernel Version >= 5.4.1 < 5.10.253

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.203

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.167

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.130

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.77

Linux ≫ Linux Kernel Version >= 6.13 < 6.18.17

Linux ≫ Linux Kernel Version >= 6.19 < 6.19.7

Linux ≫ Linux Kernel Version5.4 Update-

Linux ≫ Linux Kernel Version7.0 Updaterc1

Linux ≫ Linux Kernel Version7.0 Updaterc2

Linux ≫ Linux Kernel Version7.0 Updaterc3

Linux ≫ Linux Kernel Version7.0 Updaterc4

Linux ≫ Linux Kernel Version7.0 Updaterc5

Linux ≫ Linux Kernel Version7.0 Updaterc6

Linux ≫ Linux Kernel Version7.0 Updaterc7

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.034

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/0dcd1ed96c03459cf14706885c9dd3c1fd8bd29f

Patch

https://git.kernel.org/stable/c/a0c6ae2ea84528f198bf7fd0117f12fd0cf6d7cc

Patch

https://git.kernel.org/stable/c/d3904ca40515272681ae61ad6f561c24f190957f

Patch

https://git.kernel.org/stable/c/1e5753ff4c2e86aa88516f97a224c90a3d0b133e

Patch

https://git.kernel.org/stable/c/499ffd15b00dc91ac95c28f76959dfb5cdcc84d5

Patch

https://git.kernel.org/stable/c/54f9d645a5453d0bfece0c465d34aaf072ea99fa

Patch

https://git.kernel.org/stable/c/82a7d0a1b88798de1a609130080ce0c65dd869e9

Patch

https://git.kernel.org/stable/c/8307d93e63d5f54ef10412d4db2dd551e920dee4

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-23318

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23318

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23318

EUVD