PatchSiren

CVE-2026-46146 Linux CVE debrief

A vulnerability in the Linux kernel's ALSA USB audio driver could allow a malformed USB audio descriptor to trigger an endless loop. The convert_chmap_v3() function iterates through channel map descriptors using a size field (cs_desc->wLength) that was not validated, permitting a zero or malformed value to stall the kernel. The fix adds proper bounds checking to abort iteration on invalid descriptor sizes.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Linux system administrators, kernel maintainers, and organizations using USB audio devices on Linux workstations or embedded systems

Technical summary

The convert_chmap_v3() function in sound/usb/mixer.c processes USB audio class 3.0 channel map descriptors. The loop increment uses cs_desc->wLength without validation; a zero or overflow value causes infinite iteration. The fix introduces minimum size validation before loop progression, preventing malformed descriptors from stalling the kernel.
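
A user-space model of the loop pattern described above, added here as an illustration; it is not the kernel's code or the upstream patch. The 3-byte segment header layout, the function names, the iteration budget and the sample byte arrays are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Assumed layout: wLength (2 bytes LE, size of whole segment), 1-byte type, payload. */
#define SEG_HDR_LEN 3u
#define WALK_BUDGET 1000 /* demo-only cap so the unchecked walker returns */

/* Constructed samples: two valid segments; then one valid and one with wLength 0. */
static const uint8_t good[] = { 4, 0, 1, 0xAA,  5, 0, 2, 0xBB, 0xCC };
static const uint8_t bad[]  = { 4, 0, 1, 0xAA,  0, 0, 2, 0xBB, 0xCC };

static unsigned seg_wlength(const uint8_t *p)
{
    return (unsigned)p[0] | ((unsigned)p[1] << 8);
}

/* Trusts wLength. Returns segments seen, or -2 once the demo budget is spent (stands in for a stall). */
int walk_unchecked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int seen = 0;
    while (off + SEG_HDR_LEN <= len) {
        if (seen++ == WALK_BUDGET)
            return -2;
        off += seg_wlength(buf + off); /* wLength == 0: off never moves */
    }
    return seen;
}

/* Rejects a wLength below the header size (covers 0) or beyond the data left; returns -1 then. */
int walk_checked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int seen = 0;
    while (off + SEG_HDR_LEN <= len) {
        unsigned wlen = seg_wlength(buf + off);
        if (wlen < SEG_HDR_LEN || wlen > len - off)
            return -1;
        off += wlen;
        seen++;
    }
    return seen;
}

int main(void)
{
    printf("good: unchecked=%d checked=%d\n", walk_unchecked(good, sizeof good), walk_checked(good, sizeof good));
    printf("bad:  unchecked=%d checked=%d\n", walk_unchecked(bad, sizeof bad), walk_checked(bad, sizeof bad));
}
```

The checked walker aborts on the first invalid size instead of trying to resynchronise, which matches the advisory's description of the fix as aborting iteration on invalid descriptor sizes.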

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates from your Linux distribution when available for CVE-2026-46146
  • Review systems with USB audio devices attached for unusual CPU consumption or kernel thread stalls
  • Monitor vendor security advisories for kernel package updates addressing this ALSA USB audio fix
  • Consider restricting physical USB port access on sensitive systems until patches are deployed

Evidence notes

The vulnerability description indicates this was resolved in the Linux kernel ALSA USB audio subsystem. Multiple stable kernel commits are referenced, suggesting backports to maintained branches. No CVSS score has been assigned by NVD (status: Awaiting Analysis). No KEV listing exists.
