5.5

CVE-2026-46088

ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()

In the Linux kernel, the following vulnerability has been resolved:

ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()

snd_ctl_elem_init_enum_names() advances pointer p through the names
buffer while decrementing buf_len. If buf_len reaches zero but items
remain, the next iteration calls strnlen(p, 0).

While strnlen(p, 0) returns 0 and would hit the existing name_len == 0
error path, CONFIG_FORTIFY_SOURCE's fortified strnlen() first checks
maxlen against __builtin_dynamic_object_size(). When Clang loses track
of p's object size inside the loop, this triggers a BRK exception panic
before the return value is examined.

Add a buf_len == 0 guard at the loop entry to prevent calling fortified
strnlen() on an exhausted buffer.

Found by kernel fuzz testing through Xiaomi Smartphone.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.2 < 5.10.258
LinuxLinux Kernel Version >= 5.11 < 5.15.209
LinuxLinux Kernel Version >= 5.16 < 6.1.175
LinuxLinux Kernel Version >= 6.2 < 6.6.140
LinuxLinux Kernel Version >= 6.7 < 6.12.86
LinuxLinux Kernel Version >= 6.13 < 6.18.27
LinuxLinux Kernel Version >= 6.19 < 7.0.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/1fbe46d2b72754d8bd580e13e59ccb5d3d0e8cb0
Patch
https://git.kernel.org/stable/c/8ba0214c3dd32b8ec652947e3f2bc5b8f6e6be9e
Patch
https://git.kernel.org/stable/c/654c818a69c21d2bea4e8fd9eae7da865df9a5c8
Patch
https://git.kernel.org/stable/c/82012fd3e78a14360fbc2f1a7491589896704f97
Patch
https://git.kernel.org/stable/c/e0da8a8cac74f4b9f577979d131f0d2b88a84487
Patch
https://git.kernel.org/stable/c/708f6ec9bcdf58bfd561409110baaf4fd3be4ea3
Patch
https://git.kernel.org/stable/c/a470f7cabc4df72d9bd132f5719a8717292bb440
Patch
https://git.kernel.org/stable/c/bfcbb4994da9e979c4bcfcf24aaaac69e457e48e
Patch