CVE-2026-23208

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the ALSA subsystem related to USB audio handling. Specifically, an issue exists where the number of frames calculated for data URBs can exceed the allocated buffer size, leading to an out-of-bounds write condition. This occurs when a user constructs specific parameters, such as a maxpacksize of 40 for a rate of 22050 with a packets configuration resulting in a frame count exceeding the URB buffer size. The issue was identified through kernel address sanitizer (KASAN) testing.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

AZL-77712

CVE-2026-23208

ECHO-B42C-0450-8B51

OESA-2026-1760

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1078-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

Affected Products

Linux Kernel

CVE-2026-23208

Weakness Enumeration

Related Identifiers

Affected Products

References · 1737