In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: stop...

CVE-2026-46018 → View on GitHub ↗ View on CVE.org ↗ View on NVD ↗

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES

parse_uac2_sample_rate_range() caps the number of enumerated
rates at MAX_NR_RATES, but it only breaks out of the current
rate loop. A malformed UAC2 RANGE response with additional
triplets continues parsing the remaining triplets and repeatedly
prints "invalid uac2 rates" while probe still holds
register_mutex.

Stop the whole parse once the cap is reached and return the
number of rates collected so far.

Basic information

Type: unreviewed
Severity: unknown
Advisory on GitHub: Open advisory ↗
Repository advisory: —
Source code: Not specified
Published (advisory): 2026-05-27 15:33:20 UTC
Updated: 2026-06-01 18:31:35 UTC
NVD published: 2026-05-27 14:17:20 UTC

EPSS Score

Score	Percentile
0.04%	11.30%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

Type	Value
GHSA	GHSA-fgw2-9pf4-66rf ↗
CVE	CVE-2026-46018 ↗

References

cvelogic Threat Intelligence