5.5
CVE-2026-46088
- EPSS 0.12%
- Veröffentlicht 27.05.2026 12:58:31
- Zuletzt bearbeitet 25.06.2026 21:15:11
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() snd_ctl_elem_init_enum_names() advances pointer p through the names buffer while decrementing buf_len. If buf_len reaches zero but items remain, the next iteration calls strnlen(p, 0). While strnlen(p, 0) returns 0 and would hit the existing name_len == 0 error path, CONFIG_FORTIFY_SOURCE's fortified strnlen() first checks maxlen against __builtin_dynamic_object_size(). When Clang loses track of p's object size inside the loop, this triggers a BRK exception panic before the return value is examined. Add a buf_len == 0 guard at the loop entry to prevent calling fortified strnlen() on an exhausted buffer. Found by kernel fuzz testing through Xiaomi Smartphone.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.2 < 5.10.258
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.209
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.175
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.140
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.86
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.27
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.024 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
https://git.kernel.org/stable/c/1fbe46d2b72754d8bd580e13e59ccb5d3d0e8cb0
https://git.kernel.org/stable/c/8ba0214c3dd32b8ec652947e3f2bc5b8f6e6be9e
https://git.kernel.org/stable/c/654c818a69c21d2bea4e8fd9eae7da865df9a5c8
https://git.kernel.org/stable/c/82012fd3e78a14360fbc2f1a7491589896704f97
https://git.kernel.org/stable/c/e0da8a8cac74f4b9f577979d131f0d2b88a84487
https://git.kernel.org/stable/c/708f6ec9bcdf58bfd561409110baaf4fd3be4ea3
https://git.kernel.org/stable/c/a470f7cabc4df72d9bd132f5719a8717292bb440
https://git.kernel.org/stable/c/bfcbb4994da9e979c4bcfcf24aaaac69e457e48e