CVE-2026-31620

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference occurs in the ALSA usx2y driver for the TASCAM US-144MKII device. A malicious USB device can provide a configuration containing bInterfaceNumber=1 without an interface 0. Because USB configuration descriptors do not require sequential interface numbering, the function usb ifnum to if(dev, 0) returns NULL, which is then dereferenced.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.