CVE-2026-46088
Published: May 27, 2026
Modified: Jun 1, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() snd_ctl_elem_init_enum_names() advances pointer p through the names buffer while decrementing buf_len. If buf_len reaches zero but items remain, the next iteration calls strnlen(p, 0). While strnlen(p, 0) returns 0 and would hit the existing name_len == 0 error path, CONFIG_FORTIFY_SOURCE's fortified strnlen() first checks maxlen against __builtin_dynamic_object_size(). When Clang loses track of p's object size inside the loop, this triggers a BRK exception panic before the return value is examined. Add a buf_len == 0 guard at the loop entry to prevent calling fortified strnlen() on an exhausted buffer. Found by kernel fuzz testing through Xiaomi Smartphone.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4 - < 708f6ec9bcdf58bfd561409110baaf4fd3be4ea3affected 8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4 - < bfcbb4994da9e979c4bcfcf24aaaac69e457e48eaffected 8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4 - < a470f7cabc4df72d9bd132f5719a8717292bb440affected 8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4 - < 1fbe46d2b72754d8bd580e13e59ccb5d3d0e8cb0affected 8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4 - < 8ba0214c3dd32b8ec652947e3f2bc5b8f6e6be9e+3 more versions |
Linux | Linux | affected 3.2unaffected 0 - < 3.2unaffected 5.10.258 - <= 5.10.*unaffected 5.15.209 - <= 5.15.*unaffected 6.1.175 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now