CVE-2026-46146
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel in the convert_chmap_v3() function, which may lead to a potential endless loop due to a lack of validation of the descriptor length. A proper size check has been added to prevent this situation.
Risk Assessment
A potential endless loop could lead to system lockup, affecting service availability. Organizations should be aware of the risks associated with malformed input data in the audio system.
Recommendation
It is recommended to update the Linux kernel to the latest version to patch this vulnerability. Additionally, monitor systems for malformed input data.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() The convert_chmap_v3() has a loop with its increment size of cs_desc->wLength, but we forgot to validate cs_desc->wLength itself, which may lead to potential endless loop by a malformed descriptor. Add a proper size check to abort the loop for plugging the hole.

