CVE-2026-23318

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s ALSA subsystem related to USB audio handling. Specifically, the validator table for UAC3 AC header descriptors incorrectly uses UAC VERSION 2 instead of UAC VERSION 3. This causes header descriptors from UAC3 devices to bypass validation, potentially leading to out-of-bounds reads when the driver accesses unvalidated descriptor fields. A malicious USB device presenting a crafted header could exploit this issue. The root cause is a copy-paste error during the creation of the UAC3 section from the UAC2 section.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.