PatchSiren

CVE-2026-46018 Linux CVE debrief

A logic error in the Linux kernel's USB Audio Class 2 (UAC2) sample rate parsing allows malformed device descriptors to trigger excessive kernel logging while holding a mutex, potentially causing denial-of-service conditions through log flooding and extended lock contention.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators, embedded device manufacturers using USB audio, kernel maintainers, and organizations with physical security requirements

Technical summary

The parse_uac2_sample_rate_range() function in sound/usb/clock.c enforces MAX_NR_RATES (1024) as a cap on enumerated sample rates but only breaks from the inner loop processing individual rates within a triplet. When a malformed UAC2 RANGE response contains additional triplets beyond the cap, parsing continues through remaining triplets, repeatedly emitting 'invalid uac2 rates' kernel warnings. This occurs while register_mutex is held during device probe, extending lock contention and potentially flooding kernel logs. The fix terminates the entire parse operation when MAX_NR_RATES is reached, returning the collected rate count.
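
The control-flow difference described above, as an added user-space model in C; it is not the kernel's source and not code from this advisory. The struct, the function names, the stop_at_cap switch and the sample triplets are assumptions constructed for illustration; only MAX_NR_RATES (1024) and the warning text come from the summary.

```c
/* Simplified user-space model; not kernel source. All names are assumptions. */
#include <stdio.h>

#define MAX_NR_RATES 1024   /* cap named in the summary */

struct triplet { unsigned int min, max, res; };   /* one RANGE sub-range */

static int warnings;   /* stands in for 'invalid uac2 rates' log lines */

/* stop_at_cap == 0: leave only the inner loop at the cap (flawed behaviour).
 * stop_at_cap == 1: end the whole parse at the cap (behaviour of the fix). */
static int parse_rates(const struct triplet *t, int nr_triplets, int stop_at_cap)
{
    int nr_rates = 0;
    warnings = 0;
    for (int i = 0; i < nr_triplets; i++) {
        if (t[i].max < t[i].min)
            continue;                       /* skip a nonsensical range */
        for (unsigned int rate = t[i].min; rate <= t[i].max; rate += t[i].res) {
            nr_rates++;
            if (nr_rates >= MAX_NR_RATES) {
                warnings++;                 /* the kernel would log here */
                if (stop_at_cap)
                    return nr_rates;        /* whole parse ends */
                break;                      /* only this triplet ends */
            }
            if (t[i].res == 0)
                break;                      /* avoid an endless loop */
        }
    }
    return nr_rates;
}

/* Constructed sample: one wide triplet that reaches the cap, then 8 more. */
static int demo_warnings(int stop_at_cap)
{
    struct triplet t[9] = { { 8000, 12000, 2 } };
    for (int i = 1; i < 9; i++)
        t[i] = (struct triplet){ 44100, 48000, 3900 };
    parse_rates(t, 9, stop_at_cap);
    return warnings;
}

int main(void)
{
    printf("inner break only: %d warnings\n", demo_warnings(0));
    printf("stop at cap:      %d warnings\n", demo_warnings(1));
    return 0;
}
```

In this model every triplet after the cap costs one more warning when only the inner loop is left, which is why the log volume scales with the number of triplets in the response.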

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates from stable branches when available per vendor security advisories
  • Monitor system logs for excessive 'invalid uac2 rates' messages from USB audio devices
  • Restrict physical access to prevent connection of untrusted USB audio devices
  • Consider disabling USB audio modules if not required in high-security environments

Evidence notes

CVE published 2026-05-27. NVD status 'Awaiting Analysis'. No CVSS assigned. Five kernel.org stable branch commits provided as references. No KEV entry. Vendor identified as Linux kernel project with low confidence from reference domain analysis.

Official resources

2026-05-27