PatchSiren cyber security CVE debrief

CVE-2026-46179 Linux CVE debrief

A divide-by-zero vulnerability exists in the Linux kernel's ALSA System-on-Chip (ASoC) Sound Open Firmware (SOF) subsystem. When reporting the pointer position for a compressed audio stream, the driver divides the current I/O frame position by the product of channel count and container byte size. These configuration values default to zero and are only populated when stream parameters are explicitly set. If pointer operations are requested on an unconfigured stream, the division by zero triggers a kernel fault. The fix validates that both channel count and container byte size are non-zero before performing the division, returning an error if the stream is not properly configured.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Linux system administrators running audio workloads on SOF-enabled hardware; embedded Linux developers using Intel or other SOF-supported audio DSPs; security teams monitoring kernel stability issues

Technical summary

The vulnerability is located in the ASoC (ALSA System-on-Chip) SOF (Sound Open Firmware) subsystem's compressed stream handling. The `snd_sof_compr_pointer` function or equivalent calculates the current frame position by dividing the hardware position by (channels × container_bytes). When a compressed stream is opened but not yet configured with parameters, these values remain at their default of zero. The fix adds validation to ensure both values are non-zero before performing the division, preventing the divide-by-zero fault. This is a local vulnerability requiring the ability to open compressed audio streams, typically through the ALSA compressed audio API.
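The unchecked division and the guarded form described above, as an added user-space model (not the kernel's code and not the upstream patch). The struct, field and function names are hypothetical, and `-EINVAL` is an assumed error code, since the record only says an error is returned.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of per-stream state; not the kernel's struct layout. */
struct model_stream {
    uint64_t io_position;         /* position reported for the stream */
    unsigned int channels;        /* stays 0 until stream parameters are set */
    unsigned int container_bytes; /* stays 0 until stream parameters are set */
};

/* "Before" shape: divides without checking that parameters were set.
 * Calling this on an unconfigured stream divides by zero. */
int pointer_unchecked(const struct model_stream *s, uint64_t *frames)
{
    *frames = s->io_position / (s->channels * s->container_bytes);
    return 0;
}

/* "After" shape: reject an unconfigured stream before dividing.
 * -EINVAL is an assumption; the page only states that an error is returned. */
int pointer_checked(const struct model_stream *s, uint64_t *frames)
{
    if (!s->channels || !s->container_bytes)
        return -EINVAL;
    *frames = s->io_position / ((uint64_t)s->channels * s->container_bytes);
    return 0;
}

int main(void)
{
    /* Constructed sample streams: one opened but never configured, one configured. */
    struct model_stream fresh = { .io_position = 4096 };
    struct model_stream ready = { .io_position = 4096, .channels = 2,
                                  .container_bytes = 4 };
    uint64_t frames = 0;
    int rc;

    rc = pointer_checked(&fresh, &frames);
    printf("unconfigured stream: rc=%d\n", rc);

    rc = pointer_checked(&ready, &frames);
    printf("configured stream: rc=%d frames=%llu\n", rc,
           (unsigned long long)frames);
    return 0;
}
```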

Defensive priority

medium

Recommended defensive actions

  • Apply the relevant stable kernel patch for your distribution's kernel version
  • Verify that compressed audio stream configurations properly set channel count and container byte size before pointer operations
  • Monitor kernel logs for errors related to SOF compressed stream pointer reporting
  • Update to a kernel version containing the fix: 6.12.31+, 6.14.8+, 6.15+, or later stable releases

Evidence notes

The vulnerability description is sourced from the official CVE record published by NVD on 2026-05-28. The issue was resolved in the Linux kernel stable tree with commits addressing the ASoC SOF compressed stream pointer handling. Multiple stable kernel branches received backports of the fix.
