The bug resides in the ALSA usb-audio driver of the Linux kernel. The convert_chmap_v3() function processes USB audio descriptors by iterating over a buffer whose increment size is the descriptor length field, cs_desc->wLength. Because the driver does not validate that this field is within the bounds of the descriptor buffer, an attacker can supply a malformed descriptor that causes the loop to never terminate. An unbounded loop of this kind can consume CPU cycles and potentially freeze the kernel, resulting in a denial of service. The flaw is identified as a lack of proper input validation leading to an infinite loop, consistent with CWE-665.

Any Linux installation that includes the ALSA usb-audio module is affected. The advisories do not specify a particular kernel version, so the flaw may exist in older releases up to the current kernel at the time of the commit. Vendors such as those maintaining the upstream Linux kernel should confirm whether their produced images contain the patch. No specific third‑party product is mentioned.

The vulnerability requires control over a USB audio device that the system recognizes, meaning a local attacker with physical access to the machine can provide a malicious descriptor during device enumeration. The exploit would cause a prolonged CPU‑busy state or a system freeze, but it does not compromise confidentiality or integrity. EPSS is not available and the issue is not listed in the CISA KEV catalog, indicating no known active exploitation at this time. However, given the high impact of a denial of service in a production environment, the risk can be considered significant especially in sensitive or critical systems where uptime is essential.