CVE Catalog

CVE-2026-46146

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel in the convert_chmap_v3() function, which may lead to a potential endless loop due to a lack of validation of the descriptor length. A proper size check has been added to prevent this situation.

Risk Assessment

A potential endless loop could lead to system lockup, affecting service availability. Organizations should be aware of the risks associated with malformed input data in the audio system.

Recommendation

It is recommended to update the Linux kernel to the latest version to patch this vulnerability. Additionally, monitor systems for malformed input data.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() The convert_chmap_v3() has a loop with its increment size of cs_desc->wLength, but we forgot to validate cs_desc->wLength itself, which may lead to potential endless loop by a malformed descriptor. Add a proper size check to abort the loop for plugging the hole.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS