CVE-2026-23318
Published: Mar 25, 2026
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UAC_VERSION_2, while it should have been UAC_VERSION_3. This results in the validator never matching for actual UAC3 devices (protocol == UAC_VERSION_3), causing their header descriptors to bypass validation entirely. A malicious USB device presenting a truncated UAC3 header could exploit this to cause out-of-bounds reads when the driver later accesses unvalidated descriptor fields. The bug was introduced in the same commit as the recently fixed UAC3 feature unit sub-type typo, and appears to be from the same copy-paste error when the UAC3 section was created from the UAC2 section.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 57f8770620e9b51c61089751f0b5ad3dbe376ff2 - < 82a7d0a1b88798de1a609130080ce0c65dd869e9affected 57f8770620e9b51c61089751f0b5ad3dbe376ff2 - < 8307d93e63d5f54ef10412d4db2dd551e920dee4affected 57f8770620e9b51c61089751f0b5ad3dbe376ff2 - < 0dcd1ed96c03459cf14706885c9dd3c1fd8bd29faffected 57f8770620e9b51c61089751f0b5ad3dbe376ff2 - < a0c6ae2ea84528f198bf7fd0117f12fd0cf6d7ccaffected 57f8770620e9b51c61089751f0b5ad3dbe376ff2 - < d3904ca40515272681ae61ad6f561c24f190957f+7 more versions |
Linux | Linux | affected 5.4unaffected 0 - < 5.4unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.167 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now