CVE-2026-31620 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configuration descriptors are not required to assign interface numbers sequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will then be dereferenced directly. Fix this up by checking the return value properly.

PUBLISHED Reserved 2026-03-09 | Published 2026-04-24 | Updated 2026-05-11 | Assigner Linux

Product status

Default status

unaffected

dee1bcf28a3dd13ddb2e9200407864f73e9c4d63 (git) before 09b145c1f1331c40dc955c0024d636f25417cddb

affected

dee1bcf28a3dd13ddb2e9200407864f73e9c4d63 (git) before fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602

affected

dee1bcf28a3dd13ddb2e9200407864f73e9c4d63 (git) before d04dd67ab10dc978c6c843c6bd6a2a66a9444f51

affected

dee1bcf28a3dd13ddb2e9200407864f73e9c4d63 (git) before 48bd344e1040b9f2eb512be73c13f5db83efc191

affected

Default status

affected

6.18

affected

Any version before 6.18

unaffected

6.18.24 (semver)

unaffected

6.19.14 (semver)

unaffected

7.0.1 (semver)

unaffected

7.1-rc1 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/09b145c1f1331c40dc955c0024d636f25417cddb

git.kernel.org/...c/fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602

git.kernel.org/...c/d04dd67ab10dc978c6c843c6bd6a2a66a9444f51

git.kernel.org/...c/48bd344e1040b9f2eb512be73c13f5db83efc191

cve.org (CVE-2026-31620)

nvd.nist.gov (CVE-2026-31620)

Download JSON

help @ threatint.eu