CVE-2026-46018

MEDIUM EPSS 5.1%
Published May 27, 2026 (1mo ago) · Modified Jun 17, 2026 (1w ago)
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES

parse_uac2_sample_rate_range() caps the number of enumerated rates at MAX_NR_RATES, but it only breaks out of the current rate loop. A malformed UAC2 RANGE response with additional triplets continues parsing the remaining triplets and repeatedly prints "invalid uac2 rates" while probe still holds register_mutex.

Stop the whole parse once the cap is reached and return the number of rates collected so far.

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 8

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥3.0.81 – <3.1
linux   linux_kernel  *        ≥3.2.47 – <5.10.258
linux   linux_kernel  *        ≥5.11 – <5.15.209
linux   linux_kernel  *        ≥5.16 – <6.1.175
linux   linux_kernel  *        ≥6.2 – <6.6.140
linux   linux_kernel  *        ≥6.7 – <6.12.86
linux   linux_kernel  *        ≥6.13 – <6.18.27
linux   linux_kernel  *        ≥6.19 – <7.0.4

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0da05fedf5e1966b7e7d389866cb86fcf09f4b32
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c318f97dcc50b2e0556a1813bd6958678e881fd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4d7893a137eadb6163ea4298bf67d74b811d76ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5436bc1b07d4656f99412dc72871d250d7d55205
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a0b78639ef09b2e77974a3de3b1c07f6de3c5e56
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab5ba9fd138758ddc50222264ff246b31e397abf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ba036305323814ec1f8655313b2fa6a0f7048716
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f14bd323eec4b4f0ef662520ec852e593ece1d4c
    Patch