CVE-2026-46146 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() The convert_chmap_v3() has a loop with its increment size of cs_desc->wLength, but we forgot to validate cs_desc->wLength itself, which may lead to potential endless loop by a malformed descriptor. Add a proper size check to abort the loop for plugging the hole.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-28 | Updated 2026-06-01 | Assigner Linux

Product status

Default status

unaffected

786571b10b1ae6d90e1242848ce78ee7e1d493c4 (git) before 076d5d13eb9c1ad259a7f246149f6676c62285f9

affected

275e37532e8ebe25e8a4069b2d9f955bfd202a46 (git) before 316aa0b1e3c5600eae5ab876394c1ac70e6db581

affected

47ab3d820cb0a502bd0074f83bb3cf7ab5d79902 (git) before 24a40df79307ca7ca0eec0889361cf6ac146d72a

affected

1034719fdefd26caeec0a44a868bb5a412c2c1a5 (git) before e0e3dcf48189603f3865f1a0b799b3b42baae96d

affected

ae17b3b5e753efc239421d186cd1ff06e5ac296e (git) before 4e0ee232ebe3df04874125d7c7f3e6c25ea5483d

affected

ecfd41166b72b67d3bdeb88d224ff445f6163869 (git) before be09b47ed8677d76962e3240c145502e2ad9f3c8

affected

ecfd41166b72b67d3bdeb88d224ff445f6163869 (git) before fa5b19ce69067874b1413f3c2027563bae8c2cb3

affected

ecfd41166b72b67d3bdeb88d224ff445f6163869 (git) before 6e7247d8f5fefeceb0bb9cc80a5388a636b219cd

affected

799c06ad4c9c790c265e8b6b94947213f1fb389c (git)

affected

dfdcbcde5c20df878178245d4449feada7d5b201 (git)

affected

7ef3fd250f84494fb2f7871f357808edaa1fc6ce (git)

affected

5.10.241 (semver) before 5.10.258

affected

5.15.190 (semver) before 5.15.209

affected

6.1.149 (semver) before 6.1.175

affected

6.6.103 (semver) before 6.6.140

affected

6.12.43 (semver) before 6.12.88

affected

5.4.297 (semver) before 5.5

affected

6.15.11 (semver) before 6.16

affected

6.16.2 (semver) before 6.17

affected

Default status

affected

6.17

affected

Any version before 6.17

unaffected

5.10.258 (semver)

unaffected

5.15.209 (semver)

unaffected

6.1.175 (semver)

unaffected

6.6.140 (semver)

unaffected

6.12.88 (semver)

unaffected

6.18.30 (semver)

unaffected

7.0.7 (semver)

unaffected

7.1-rc2 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/076d5d13eb9c1ad259a7f246149f6676c62285f9

git.kernel.org/...c/316aa0b1e3c5600eae5ab876394c1ac70e6db581

git.kernel.org/...c/24a40df79307ca7ca0eec0889361cf6ac146d72a

git.kernel.org/...c/e0e3dcf48189603f3865f1a0b799b3b42baae96d

git.kernel.org/...c/4e0ee232ebe3df04874125d7c7f3e6c25ea5483d

git.kernel.org/...c/be09b47ed8677d76962e3240c145502e2ad9f3c8

git.kernel.org/...c/fa5b19ce69067874b1413f3c2027563bae8c2cb3

git.kernel.org/...c/6e7247d8f5fefeceb0bb9cc80a5388a636b219cd

cve.org (CVE-2026-46146)

nvd.nist.gov (CVE-2026-46146)

Download JSON