CVE-2026-23318

Severity: High (CVSS 3.1 base score 7.1) · EPSS 3.1%
Published Mar 25, 2026 · Last modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Use correct version for UAC3 header validation

The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UAC_VERSION_2, while it should have been UAC_VERSION_3. This results in the validator never matching for actual UAC3 devices (protocol == UAC_VERSION_3), causing their header descriptors to bypass validation entirely.

A malicious USB device presenting a truncated UAC3 header could exploit this to cause out-of-bounds reads when the driver later accesses unvalidated descriptor fields.

The bug was introduced in the same commit as the recently fixed UAC3 feature unit sub-type typo, and appears to be from the same copy-paste error when the UAC3 section was created from the UAC2 section.
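
To make the matching rule concrete, the following is an added example in C, not code from the kernel or from the fixing patch. It models a validator table keyed on (protocol, descriptor type, subtype), places the entry with the wrong protocol next to the corrected one, and feeds both tables a UAC3 AC header constructed inline with bLength 6, i.e. cut off before the bmControls field. With the buggy table no entry matches protocol UAC_VERSION_3, the header is accepted unchecked, and the consumer's read of bmControls lands past the bytes the device sent; with the fixed table the same header is rejected. The constant values, the descriptor lengths, and the accept-when-nothing-matches rule are assumptions that simplify the driver's behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Protocol and descriptor codes; values assumed to follow the kernel's USB audio headers. */
#define UAC_VERSION_2       0x20
#define UAC_VERSION_3       0x30
#define USB_DT_CS_INTERFACE 0x24
#define UAC_HEADER          0x01

/* Minimum bLength of the class-specific AC header per UAC version (assumed, simplified). */
#define UAC2_AC_HEADER_LEN 9
#define UAC3_AC_HEADER_LEN 10

struct desc_validator {
    uint8_t protocol;  /* bInterfaceProtocol of the audio control interface */
    uint8_t type;      /* bDescriptorType */
    uint8_t subtype;   /* bDescriptorSubtype */
    size_t  min_len;   /* smallest bLength the consumer can safely handle */
};

/* Hypothetical table with the copy-paste error described above: the second entry was cloned
 * from the UAC2 one and kept UAC_VERSION_2, so no entry ever matches a UAC3 device. */
static const struct desc_validator buggy_validators[] = {
    { UAC_VERSION_2, USB_DT_CS_INTERFACE, UAC_HEADER, UAC2_AC_HEADER_LEN },
    { UAC_VERSION_2, USB_DT_CS_INTERFACE, UAC_HEADER, UAC3_AC_HEADER_LEN }, /* should be UAC_VERSION_3 */
    { 0, 0, 0, 0 },
};

/* The same table with the protocol corrected. */
static const struct desc_validator fixed_validators[] = {
    { UAC_VERSION_2, USB_DT_CS_INTERFACE, UAC_HEADER, UAC2_AC_HEADER_LEN },
    { UAC_VERSION_3, USB_DT_CS_INTERFACE, UAC_HEADER, UAC3_AC_HEADER_LEN },
    { 0, 0, 0, 0 },
};

/* Lookup rule assumed here: the first entry matching (protocol, type, subtype) decides, and a
 * descriptor that matches no entry is accepted unchecked. That is the bypass in question. */
static bool validate_desc(const struct desc_validator *tab, uint8_t protocol,
                          const uint8_t *desc, size_t avail)
{
    if (avail < 3 || desc[0] < 3 || desc[0] > avail)
        return false;                       /* cannot even read the three fixed fields */
    for (const struct desc_validator *v = tab; v->type; v++) {
        if (v->protocol != protocol || v->type != desc[1] || v->subtype != desc[2])
            continue;
        return desc[0] >= v->min_len;
    }
    return true;                            /* no validator matched: passes as-is */
}

enum probe_result { PROBE_REJECTED, PROBE_OOB_READ, PROBE_OK };

/* A consumer that, after validation, reads the 32-bit bmControls at offset 6 of a UAC3 header.
 * Rather than dereferencing past the buffer it reports when it would have done so. */
static enum probe_result probe_uac3_header(const struct desc_validator *tab,
                                           const uint8_t *desc, size_t avail,
                                           uint32_t *bm_controls)
{
    if (!validate_desc(tab, UAC_VERSION_3, desc, avail))
        return PROBE_REJECTED;
    if (avail < UAC3_AC_HEADER_LEN)
        return PROBE_OOB_READ;              /* bytes 6..9 lie beyond what the device sent */
    *bm_controls = (uint32_t)desc[6] | (uint32_t)desc[7] << 8 |
                   (uint32_t)desc[8] << 16 | (uint32_t)desc[9] << 24;
    return PROBE_OK;
}

/* Constructed descriptors for the demonstration, not captured from real hardware. */
static const uint8_t truncated_uac3_header[] = {
    6, USB_DT_CS_INTERFACE, UAC_HEADER, 0x01, 0x06, 0x00   /* ends before bmControls */
};
static const uint8_t complete_uac3_header[] = {
    10, USB_DT_CS_INTERFACE, UAC_HEADER, 0x01, 0x0a, 0x00, 0x05, 0x00, 0x00, 0x00
};

int main(void)
{
    uint32_t bm = 0;
    printf("buggy table, truncated header: %d (1 = out-of-bounds read)\n",
           probe_uac3_header(buggy_validators, truncated_uac3_header,
                             sizeof truncated_uac3_header, &bm));
    printf("fixed table, truncated header: %d (0 = rejected)\n",
           probe_uac3_header(fixed_validators, truncated_uac3_header,
                             sizeof truncated_uac3_header, &bm));
    printf("fixed table, complete header:  %d (2 = ok), bmControls=0x%08x\n",
           probe_uac3_header(fixed_validators, complete_uac3_header,
                             sizeof complete_uac3_header, &bm), bm);
    return 0;
}
```

The point to take from the run is that the truncated header is never malformed from the lookup's point of view: it is well-formed up to its declared bLength, and the only thing standing between it and the later field access is an entry whose protocol key actually matches the device. A mismatched key silently turns "validated" into "never looked at".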

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.1%
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses (1)

CWE-125 Out-of-bounds Read (Memory Safety)

Affected Products (17)

Vendor   Product        Version   Range
linux    linux_kernel   *         >= 4.19.84 and < 4.20
linux    linux_kernel   *         >= 5.3.11 and < 5.4
linux    linux_kernel   *         >= 5.4.1 and < 5.10.253
linux    linux_kernel   *         >= 5.11 and < 5.15.203
linux    linux_kernel   *         >= 5.16 and < 6.1.167
linux    linux_kernel   *         >= 6.2 and < 6.6.130
linux    linux_kernel   *         >= 6.7 and < 6.12.77
linux    linux_kernel   *         >= 6.13 and < 6.18.17
linux    linux_kernel   *         >= 6.19 and < 6.19.7
linux    linux_kernel   5.4       any
linux    linux_kernel   7.0       any (this entry appears seven times on the page, one per 7.0 pre-release)

References (8)

  • git.kernel.org https://git.kernel.org/stable/c/0dcd1ed96c03459cf14706885c9dd3c1fd8bd29f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1e5753ff4c2e86aa88516f97a224c90a3d0b133e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/499ffd15b00dc91ac95c28f76959dfb5cdcc84d5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/54f9d645a5453d0bfece0c465d34aaf072ea99fa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82a7d0a1b88798de1a609130080ce0c65dd869e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8307d93e63d5f54ef10412d4db2dd551e920dee4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a0c6ae2ea84528f198bf7fd0117f12fd0cf6d7cc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3904ca40515272681ae61ad6f561c24f190957f
    Patch

Remediation

Update to a kernel at or above the first fixed release of your stable series, which the affected ranges above give as 5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.77, 6.18.17 and 6.19.7; no fixed release is listed for the 4.19 and 5.3 series. The fixing commits are the eight git.kernel.org stable patches listed under References. Because the flaw is reached by a USB device's descriptors during enumeration, any host that auto-binds snd-usb-audio to attached devices is exposed until patched.