Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans

The USB MIDI 2.0 endpoint parser has the same descriptor walking
pattern as the legacy MIDI parser. It validates bLength against
bNumGrpTrmBlock before reading baAssoGrpTrmBlkID[], but not against the
remaining bytes in the endpoint-extra scan.

A malformed device can therefore make later baAssoGrpTrmBlkID[] reads
consume bytes past the walked descriptor.

Reject zero-length and overlong descriptors while walking endpoint
extras.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds read flaw exists in the ALSA USB‑audio driver’s MIDI 2.0 endpoint descriptor parser. The parser checks the length of each terminal block before reading its identifier array but fails to ensure that the subsequent identifier reads stay within the descriptor boundaries. A malicious USB MIDI device can supply a descriptor that forces the driver to read past the valid data, causing a kernel memory disclosure. The weakness aligns with buffer over‑read problems (CWE‑1284).

Affected Systems

Every Linux kernel that contains the ALSA usb‑audio driver without the committed patch is affected. This includes all distributions that compile the kernel from sources before the fix is merged. The issue exists in all releases prior to the commit noted in the advisory, regardless of minor version.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1 % and the absence from the CISA KEV catalog imply a low likelihood of exploitation. Exploitation requires a malicious USB MIDI device to be connected, which is typically a local attack scenario. A successful read may leak kernel memory but does not grant arbitrary code execution; the impact is limited to information disclosure.

Generated by OpenCVE AI on June 26, 2026 at 05:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the ALSA usb‑audio MIDI 2.0 descriptor validation patch.
  • Reboot the system after upgrading so that the updated driver is loaded.
  • If an updated kernel is not yet available, restrict or block USB MIDI devices using udev rules or other device‑management policies to prevent the vulnerable driver from processing unknown devices.

Generated by OpenCVE AI on June 26, 2026 at 05:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-126

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-126

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading baAssoGrpTrmBlkID[], but not against the remaining bytes in the endpoint-extra scan. A malformed device can therefore make later baAssoGrpTrmBlkID[] reads consume bytes past the walked descriptor. Reject zero-length and overlong descriptors while walking endpoint extras.
Title ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:28:44.345Z

Reserved: 2026-06-09T07:44:35.374Z

Link: CVE-2026-52964

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52964 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T05:30:17Z

Weaknesses
  • CWE-1284

    Improper Validation of Specified Quantity in Input