CVE-2026-31620

Published: Apr 24, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configuration descriptors are not required to assign interface numbers sequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will then be dereferenced directly. Fix this up by checking the return value properly.

Vendor	Product	Versions
Linux	Linux	affected `dee1bcf28a3dd13ddb2e9200407864f73e9c4d63 - < 09b145c1f1331c40dc955c0024d636f25417cddb` affected `dee1bcf28a3dd13ddb2e9200407864f73e9c4d63 - < fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602` affected `dee1bcf28a3dd13ddb2e9200407864f73e9c4d63 - < d04dd67ab10dc978c6c843c6bd6a2a66a9444f51` affected `dee1bcf28a3dd13ddb2e9200407864f73e9c4d63 - < 48bd344e1040b9f2eb512be73c13f5db83efc191`
Linux	Linux	affected `6.18` unaffected `0 - < 6.18` unaffected `6.18.24 - <= 6.18.` unaffected `6.19.14 - <= 6.19.` unaffected `7.0.1 - <= 7.0.*` +1 more versions

References

https://git.kernel.org/stable/c/09b145c1f1331c40dc955c0024d636f25417cddb

https://git.kernel.org/stable/c/fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602

https://git.kernel.org/stable/c/d04dd67ab10dc978c6c843c6bd6a2a66a9444f51

https://git.kernel.org/stable/c/48bd344e1040b9f2eb512be73c13f5db83efc191

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-31620

Description

Affected Products

References