Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

The convert_chmap_v3() has a loop with its increment size of
cs_desc->wLength, but we forgot to validate cs_desc->wLength itself,
which may lead to potential endless loop by a malformed descriptor.

Add a proper size check to abort the loop for plugging the hole.
Published: 2026-05-28
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ALSA usb‑audio driver in the Linux kernel contains a loop in convert_chmap_v3() that steps through data using the descriptor length field, cs_desc->wLength. Because the code does not verify that this field is within the bounds of the descriptor buffer, a crafted descriptor can cause the loop never to terminate. The result is an unbounded CPU‑bound operation that can starve other kernel work and may effectively freeze the system. The flaw is a classic case of unchecked input leading to an infinite loop, consistent with CWE‑606 and CWE‑835.
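
The following is an added illustration, not the kernel's convert_chmap_v3() and not the upstream patch: a userspace model of walking length-prefixed segments, once trusting the length field and once validating it. The 3-byte segment header (little-endian 2-byte wLength plus a 1-byte type), the function names and the sample buffers are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define SEG_HDR_LEN 3u  /* assumed header: 2-byte LE wLength + 1-byte type */

/* Constructed sample buffers (not captured from any device). */
const uint8_t good_desc[] = { 4, 0, 1, 0xAA, 4, 0, 2, 0xBB }; /* two 4-byte segments */
const uint8_t zero_desc[] = { 4, 0, 1, 0xAA, 0, 0, 2, 0xBB }; /* 2nd wLength == 0 */
const uint8_t long_desc[] = { 9, 0, 1, 0xAA };                /* wLength > buffer */

static unsigned int get_le16(const uint8_t *p) { return p[0] | (p[1] << 8); }

/* Unchecked walk: trusts wLength. max_iter exists only so the demo stops;
 * -1 means the cap was hit because the offset stopped advancing. */
int walk_unchecked(const uint8_t *buf, size_t len, int max_iter)
{
    size_t off = 0;
    int n = 0;
    while (off + SEG_HDR_LEN <= len) {
        if (n++ >= max_iter)
            return -1;
        off += get_le16(buf + off);  /* wLength == 0: off never moves */
    }
    return n;
}

/* Checked walk: returns the segment count, or -1 on a malformed length. */
int walk_checked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < SEG_HDR_LEN)
            return -1;               /* truncated segment header */
        unsigned int seg_len = get_le16(buf + off);
        if (seg_len < SEG_HDR_LEN || seg_len > remaining)
            return -1;               /* no forward progress, or overrun */
        off += seg_len;
        n++;
    }
    return n;
}

int main(void)
{
    printf("unchecked=%d\n", walk_unchecked(zero_desc, sizeof zero_desc, 1000));
    printf("checked=%d\n", walk_checked(zero_desc, sizeof zero_desc));
    return 0;
}
```

Without the iteration cap, the unchecked walk would spin forever on the zero-length segment; the checked walk rejects the buffer at the first length that is smaller than a header or larger than the bytes remaining.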

Affected Systems

All Linux systems that load the snd-usb-audio module are potentially affected. The advisory does not specify a kernel version, so the issue may exist in any release prior to the commit that introduced the fix. Users of distributions that provide the upstream kernel should verify whether their current image includes the patch from commit 4e0ee232ebe3df04874125d7c7f3e6c25ea5483d.

Risk and Exploitability

Based on the description, it is inferred that the attacker needs to provide a malicious USB audio device that can be enumerated by the kernel. The likely attack vector is either physical connection of such a device or remote exploitation if USB passthrough is enabled. The vulnerability can cause an infinite loop, leading to a CPU‑bound denial of service; the EPSS score of < 1% indicates a very low likelihood of exploitation in the wild. The CVSS score of 5.5 places the vulnerability in the medium severity range, and the impact on availability is significant for uptime‑critical environments. The vulnerability is not currently listed in the CISA KEV catalog, meaning no known public exploitation has been reported.

Generated by OpenCVE AI on June 10, 2026 at 23:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that includes the convert_chmap_v3() fix (for example, by applying the patch from commit 4e0ee232ebe3df04874125d7c7f3e6c25ea5483d).
  • If a kernel update is not yet available, temporarily disable the ALSA usb‑audio module by unloading it with modprobe -r snd-usb-audio or by blacklisting it in the system configuration to prevent the driver from loading. Note that this removes USB audio functionality entirely.
  • Disconnect any unwanted USB audio devices or enforce USB device whitelisting so that only authorized audio devices can be connected. This reduces the attack surface by keeping unauthorized devices from presenting malicious descriptors to the driver.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-835
CPEs cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*

Mon, 01 Jun 2026 17:00:00 +0000


Fri, 29 May 2026 04:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-606
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Thu, 28 May 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() The convert_chmap_v3() has a loop with its increment size of cs_desc->wLength, but we forgot to validate cs_desc->wLength itself, which may lead to potential endless loop by a malformed descriptor. Add a proper size check to abort the loop for plugging the hole.
Title ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:57:58.491Z

Reserved: 2026-05-13T15:03:33.100Z

Link: CVE-2026-46146

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-28T10:16:30.203

Modified: 2026-06-10T21:18:25.000

Link: CVE-2026-46146

Red Hat

Severity: Moderate

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46146 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T23:15:28Z

Weaknesses
  • CWE-606

    Unchecked Input for Loop Condition

  • CWE-835

    Loop with Unreachable Exit Condition ('Infinite Loop')