CVE-2026-23318
- Source
- https://cve.org/CVERecord?id=CVE-2026-23318
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23318.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-23318
- Downstream
- Published
- 2026-03-25T10:27:12.884Z
- Modified
- 2026-04-02T13:12:21.263855Z
- Summary
- ALSA: usb-audio: Use correct version for UAC3 header validation
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Use correct version for UAC3 header validation
The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UACVERSION2, while it should have been UACVERSION3. This results in the validator never matching for actual UAC3 devices (protocol == UACVERSION3), causing their header descriptors to bypass validation entirely. A malicious USB device presenting a truncated UAC3 header could exploit this to cause out-of-bounds reads when the driver later accesses unvalidated descriptor fields.
The bug was introduced in the same commit as the recently fixed UAC3 feature unit sub-type typo, and appears to be from the same copy-paste error when the UAC3 section was created from the UAC2 section.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23318.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0dcd1ed96c03459cf14706885c9dd3c1fd8bd29f
- https://git.kernel.org/stable/c/1e5753ff4c2e86aa88516f97a224c90a3d0b133e
- https://git.kernel.org/stable/c/499ffd15b00dc91ac95c28f76959dfb5cdcc84d5
- https://git.kernel.org/stable/c/54f9d645a5453d0bfece0c465d34aaf072ea99fa
- https://git.kernel.org/stable/c/a0c6ae2ea84528f198bf7fd0117f12fd0cf6d7cc
- https://git.kernel.org/stable/c/d3904ca40515272681ae61ad6f561c24f190957f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23318.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23318
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced57f8770620e9b51c61089751f0b5ad3dbe376ff2Fixed0dcd1ed96c03459cf14706885c9dd3c1fd8bd29fFixeda0c6ae2ea84528f198bf7fd0117f12fd0cf6d7ccFixedd3904ca40515272681ae61ad6f561c24f190957fFixed1e5753ff4c2e86aa88516f97a224c90a3d0b133eFixed499ffd15b00dc91ac95c28f76959dfb5cdcc84d5Fixed54f9d645a5453d0bfece0c465d34aaf072ea99fa
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected17821e2fb16752f5d363fb5c3f8aab4df41b9bccLast affectedbf74a46aebb1b5ab5e5f25bafa4ae0a453ba813a