CVE-2026-31620 - Vulnerability Details

- ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0

A malicious USB device with the TASCAM US-144MKII device id can have a
configuration containing bInterfaceNumber=1 but no interface 0. USB
configuration descriptors are not required to assign interface numbers
sequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will
then be dereferenced directly.

Fix this up by checking the return value properly.

Published: 2026-04-24

Score: 4.6 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the Linux kernel’s ALSA USB subsystem for the TASCAM US-144MKII device. When a device presents a configuration that declares interface 1 but omits interface 0, the kernel call usb_ifnum_to_if(dev, 0) returns NULL. This NULL pointer is dereferenced without a preceding validity check, causing a kernel panic. The resulting crash leads to a denial of service; no other impact such as privilege escalation is documented.

Affected Systems

All Linux kernels that include the ALSA USB driver prior to the patch commit are affected. The vendor is the Linux kernel (generic). No specific kernel version ranges are listed, so any kernel before the fix can be considered vulnerable.

Risk and Exploitability

The CVSS score of 4.6 indicates medium severity. The EPSS score of <1% shows exploitation probability is very low. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker must physically connect a malicious USB device to the target system to trigger the crash. The impact is a kernel panic resulting in a system reboot and loss of service; no privilege escalation is described.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`dee1bcf28a3dd13ddb2e9200407864f73e9c4d63`	affected	< 09b145c1f1331c40dc955c0024d636f25417cddb
`dee1bcf28a3dd13ddb2e9200407864f73e9c4d63`	affected	< fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602
`dee1bcf28a3dd13ddb2e9200407864f73e9c4d63`	affected	< d04dd67ab10dc978c6c843c6bd6a2a66a9444f51
`dee1bcf28a3dd13ddb2e9200407864f73e9c4d63`	affected	< 48bd344e1040b9f2eb512be73c13f5db83efc191

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.18.24`	unaffected	≤ 6.18.*
`6.19.14`	unaffected	≤ 6.19.*
`7.0.1`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[dee1bcf28a3dd13ddb2e9200407864f73e9c4d63,09b145c1f1331c40dc955c0024d636f25417cddb)`	affected	code_commit	—
`[dee1bcf28a3dd13ddb2e9200407864f73e9c4d63,fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602)`	affected	code_commit	—
`[dee1bcf28a3dd13ddb2e9200407864f73e9c4d63,d04dd67ab10dc978c6c843c6bd6a2a66a9444f51)`	affected	code_commit	—
`[dee1bcf28a3dd13ddb2e9200407864f73e9c4d63,48bd344e1040b9f2eb512be73c13f5db83efc191)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	generic	—
`[0,6.18)`	unaffected	generic	—
`[6.18.24,6.19.0)`	unaffected	semver	—
`[6.19.14,6.20.0)`	unaffected	semver	—
`[7.0.1,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that includes the ALSA NULL deref fix (commit 09b145c1f1331c40dc955c0024d636f25417cddb or later).
If a kernel update is not immediately possible, block the problematic TASCAM device by adding a udev rule that rejects USB devices with the idVendor and idProduct corresponding to the TASCAM US-144MKII, or temporarily disable the ALSA USB driver for that device.
After applying the kernel update or patch, reboot the system to load the new kernel and ensure the issue is resolved.

Generated by OpenCVE AI on April 28, 2026 at 23:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00027.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/09b145c1f1331c40dc955c0024d636f25417cddb
https://git.kernel.org/stable/c/48bd344e1040b9f2eb512be73c13f5db83efc191
https://git.kernel.org/stable/c/d04dd67ab10dc978c6c843c6bd6a2a66a9444f51
https://git.kernel.org/stable/c/fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602
https://lore.kernel.org/linux-cve-announce/2026042425-CVE-2026-31620-8a5a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31620
https://www.cve.org/CVERecord?id=CVE-2026-31620

History

Tue, 28 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 27 Apr 2026 11:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/48bd344e1040b9f2eb512be73c13f5db83efc191

Sat, 25 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
References		https://lore.kernel.org/linux-cve-announce/2026042425-CVE-2026-31620-8a5a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31620 https://www.cve.org/CVERecord?id=CVE-2026-31620
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Fri, 24 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configuration descriptors are not required to assign interface numbers sequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will then be dereferenced directly. Fix this up by checking the return value properly.
Title		ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/09b145c1f1331c40dc955c0024d636f25417cddb https://git.kernel.org/stable/c/d04dd67ab10dc978c6c843c6bd6a2a66a9444f51 https://git.kernel.org/stable/c/fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-24T14:42:38.607Z

Updated: 2026-05-11T22:12:19.891Z

Reserved: 2026-03-09T15:48:24.123Z

Link: CVE-2026-31620

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-24T15:16:41.280

Modified: 2026-04-28T14:11:42.397

Link: CVE-2026-31620

Redhat

Severity : Moderate

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31620 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T23:45:16Z

Weaknesses

CWE-476

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object