Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Use correct version for UAC3 header validation

The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UAC_VERSION_2, while it should have been UAC_VERSION_3. This results in the validator never matching for actual UAC3 devices (protocol == UAC_VERSION_3), causing their header descriptors to bypass validation entirely. A malicious USB device presenting a truncated UAC3 header could exploit this to cause out-of-bounds reads when the driver later accesses unvalidated descriptor fields.

The bug was introduced in the same commit as the recently fixed UAC3 feature unit sub-type typo, and appears to be from the same copy-paste error when the UAC3 section was created from the UAC2 section.
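The lookup mismatch described above, reduced to a stand-alone C model (an added example, not the kernel's code). The names `desc_rule` and `desc_accepted`, the table layout and the 10-byte minimum length are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define UAC_VERSION_2 0x20
#define UAC_VERSION_3 0x30
#define CS_INTERFACE  0x24  /* class-specific interface descriptor type */
#define AC_HEADER     0x01  /* AC header descriptor subtype */
#define UAC3_HDR_MIN  10    /* assumed minimum header length for this model */

/* Hypothetical table entry: (protocol, subtype) -> minimum bLength. */
struct desc_rule { unsigned char protocol, subtype; size_t min_len; };

/* Entry keyed with the wrong protocol version, as the description states. */
static const struct desc_rule buggy_rules[] = {
    { UAC_VERSION_2, AC_HEADER, UAC3_HDR_MIN }, { 0, 0, 0 }
};
/* Same entry keyed with the version the device actually reports. */
static const struct desc_rule fixed_rules[] = {
    { UAC_VERSION_3, AC_HEADER, UAC3_HDR_MIN }, { 0, 0, 0 }
};

/* Returns true when the descriptor is accepted. A descriptor that matches
 * no rule is accepted without any length check, which is why a wrong
 * protocol key silently disables validation instead of rejecting. */
static bool desc_accepted(const unsigned char *d, int protocol,
                          const struct desc_rule *r)
{
    if (d[1] != CS_INTERFACE)
        return true;                      /* not a class-specific descriptor */
    for (; r->subtype; r++)
        if (r->subtype == d[2] && r->protocol == protocol)
            return d[0] >= r->min_len;    /* bLength must cover the struct */
    return true;                          /* no rule matched: unchecked */
}

/* Constructed samples: a truncated and a full-length UAC3 AC header. */
static const unsigned char truncated_hdr[] = { 4, CS_INTERFACE, AC_HEADER, 0 };
static const unsigned char full_hdr[10]    = { 10, CS_INTERFACE, AC_HEADER };

int main(void)
{
    printf("buggy table accepts truncated header: %d\n",
           desc_accepted(truncated_hdr, UAC_VERSION_3, buggy_rules));
    printf("fixed table accepts truncated header: %d\n",
           desc_accepted(truncated_hdr, UAC_VERSION_3, fixed_rules));
    return 0;
}
```

The failure is silent by design of the lookup: a table keyed this way needs a test that feeds each protocol version a short descriptor and expects rejection, otherwise a mis-keyed entry is indistinguishable from a passing check.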

PUBLISHED Reserved 2026-01-13 | Published 2026-03-25 | Updated 2026-05-23 | Assigner Linux

Product status

Default status
unaffected

57f8770620e9b51c61089751f0b5ad3dbe376ff2 (git) before 82a7d0a1b88798de1a609130080ce0c65dd869e9
affected

57f8770620e9b51c61089751f0b5ad3dbe376ff2 (git) before 8307d93e63d5f54ef10412d4db2dd551e920dee4
affected

57f8770620e9b51c61089751f0b5ad3dbe376ff2 (git) before 0dcd1ed96c03459cf14706885c9dd3c1fd8bd29f
affected

57f8770620e9b51c61089751f0b5ad3dbe376ff2 (git) before a0c6ae2ea84528f198bf7fd0117f12fd0cf6d7cc
affected

57f8770620e9b51c61089751f0b5ad3dbe376ff2 (git) before d3904ca40515272681ae61ad6f561c24f190957f
affected

57f8770620e9b51c61089751f0b5ad3dbe376ff2 (git) before 1e5753ff4c2e86aa88516f97a224c90a3d0b133e
affected

57f8770620e9b51c61089751f0b5ad3dbe376ff2 (git) before 499ffd15b00dc91ac95c28f76959dfb5cdcc84d5
affected

57f8770620e9b51c61089751f0b5ad3dbe376ff2 (git) before 54f9d645a5453d0bfece0c465d34aaf072ea99fa
affected

17821e2fb16752f5d363fb5c3f8aab4df41b9bcc (git)
affected

bf74a46aebb1b5ab5e5f25bafa4ae0a453ba813a (git)
affected

4.19.84 (semver) before 4.20
affected

5.3.11 (semver) before 5.4
affected

Default status
affected

5.4
affected

Any version before 5.4
unaffected

5.10.253 (semver)
unaffected

5.15.203 (semver)
unaffected

6.1.167 (semver)
unaffected

6.6.130 (semver)
unaffected

6.12.77 (semver)
unaffected

6.18.17 (semver)
unaffected

6.19.7 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/82a7d0a1b88798de1a609130080ce0c65dd869e9

git.kernel.org/...c/8307d93e63d5f54ef10412d4db2dd551e920dee4

git.kernel.org/...c/0dcd1ed96c03459cf14706885c9dd3c1fd8bd29f

git.kernel.org/...c/a0c6ae2ea84528f198bf7fd0117f12fd0cf6d7cc

git.kernel.org/...c/d3904ca40515272681ae61ad6f561c24f190957f

git.kernel.org/...c/1e5753ff4c2e86aa88516f97a224c90a3d0b133e

git.kernel.org/...c/499ffd15b00dc91ac95c28f76959dfb5cdcc84d5

git.kernel.org/...c/54f9d645a5453d0bfece0c465d34aaf072ea99fa

cve.org (CVE-2026-23318)

nvd.nist.gov (CVE-2026-23318)
