CVE-2026-46018 PUBLISHED

ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES

parse_uac2_sample_rate_range() caps the number of enumerated rates at MAX_NR_RATES, but it only breaks out of the current rate loop. A malformed UAC2 RANGE response with additional triplets continues parsing the remaining triplets and repeatedly prints "invalid uac2 rates" while probe still holds register_mutex.

Stop the whole parse once the cap is reached and return the number of rates collected so far.
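The control-flow difference described above, as an added userspace model in C; it is not the kernel's code. MAX_NR_RATES and the message text come from the description; the value 1024, the helper names, the 64-triplet constructed sample and the check-before-count ordering are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NR_RATES 1024   /* cap named on the page; the value is assumed here */
#define SAMPLE_TRIPLETS 64  /* size of the constructed sample (hypothetical) */

struct parse_result { int nr_rates, warnings, triplets_walked; };

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* stop_at_cap=0 models the pre-fix flow; stop_at_cap=1 models the fixed flow. */
static struct parse_result parse_ranges(const uint8_t *data, int n, int stop_at_cap)
{
    struct parse_result r = {0, 0, 0};
    for (int i = 0; i < n; i++) {
        const uint8_t *t = data + 2 + 12 * i;  /* skip wNumSubRanges; MIN, MAX, RES */
        uint32_t min = le32(t), max = le32(t + 4), res = le32(t + 8);
        r.triplets_walked++;
        if (max < min) continue;
        for (uint64_t rate = min; rate <= max; rate += res) {
            if (r.nr_rates >= MAX_NR_RATES) {
                r.warnings++;               /* stands in for "invalid uac2 rates" */
                if (stop_at_cap) return r;  /* fixed: return rates collected so far */
                break;                      /* pre-fix: only the rate loop ends */
            }
            r.nr_rates++;
            if (res == 0) break;            /* a zero step would never advance */
        }
    }
    return r;
}

/* Constructed sample: each triplet is 1000..1000000 Hz in 100 Hz steps (LE). */
static struct parse_result run_sample(int stop_at_cap)
{
    static const uint8_t triplet[12] = {0xE8,0x03,0,0, 0x40,0x42,0x0F,0, 0x64,0,0,0};
    static uint8_t buf[2 + 12 * SAMPLE_TRIPLETS] = { SAMPLE_TRIPLETS, 0 };
    for (int i = 0; i < SAMPLE_TRIPLETS; i++) memcpy(buf + 2 + 12 * i, triplet, 12);
    return parse_ranges(buf, SAMPLE_TRIPLETS, stop_at_cap);
}

int main(void)
{
    printf("warnings pre-fix=%d fixed=%d\n", run_sample(0).warnings, run_sample(1).warnings);
    return 0;
}
```

In this model the warning count of the pre-fix flow grows with the number of triplets in the response, while the fixed flow emits one warning and stops at the first triplet that reaches the cap.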

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 4fa0e81b83503900be277e6273a79651b375e288 to ab5ba9fd138758ddc50222264ff246b31e397abf (excl.)
  • affected from 4fa0e81b83503900be277e6273a79651b375e288 to ba036305323814ec1f8655313b2fa6a0f7048716 (excl.)
  • affected from 4fa0e81b83503900be277e6273a79651b375e288 to 4d7893a137eadb6163ea4298bf67d74b811d76ef (excl.)
  • affected from 4fa0e81b83503900be277e6273a79651b375e288 to a0b78639ef09b2e77974a3de3b1c07f6de3c5e56 (excl.)
  • affected from 4fa0e81b83503900be277e6273a79651b375e288 to 3c318f97dcc50b2e0556a1813bd6958678e881fd (excl.)
  • Version 44f059fb742aac78cffdab5e0d8fe0c9910c1ded is affected
  • Version c25a53781f61c78bf2a2fa308bbd35b42ba346f6 is affected
  • affected from 3.0.81 to 3.1 (excl.)
  • affected from 3.2.47 to 3.3 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 3.3 is affected
  • unaffected from 0 to 3.3 (excl.)
  • unaffected from 6.6.140 to 6.6.* (incl.)
  • unaffected from 6.12.86 to 6.12.* (incl.)
  • unaffected from 6.18.27 to 6.18.* (incl.)
  • unaffected from 7.0.4 to 7.0.* (incl.)
  • unaffected from 7.1-rc1 to * (incl.)
