PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46184 Linux CVE debrief

A division-by-zero vulnerability in the Linux kernel's UA-101 USB audio driver could allow a malicious USB device to crash the kernel. The flaw exists in the Edirol UA-101 driver (sound/usb/ua101.c), where a missing validation of the bNrChannels field in USB audio class descriptors leads to a zero divisor in URB completion handlers. An attacker with physical access could connect a crafted USB device reporting zero channels to trigger a kernel panic. The vulnerability was resolved by adding a sanity check in detect_usb_format() to reject invalid bNrChannels values before they propagate to playback_urb_complete() and capture_urb_complete().

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Organizations running Linux systems with Edirol UA-101 USB audio interfaces or allowing physical USB device connections; kernel maintainers and distribution security teams tracking stable kernel updates.

Technical summary

The Edirol UA-101 USB audio driver in the Linux kernel fails to validate the bNrChannels field from USB audio class descriptors. When a device reports bNrChannels=0, the driver calculates frame_bytes=0, which is later used as a divisor in playback_urb_complete() and capture_urb_complete(), causing a kernel crash. The vulnerability requires physical access to connect a malicious or malfunctioning USB device. The fix adds a sanity check in detect_usb_format() to reject descriptors with invalid channel counts before they are used in arithmetic operations.
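The following user-space C model is an added example, not the kernel's code or the upstream patch. It shows how a zero bNrChannels yields frame_bytes=0 and where validation stops it. The function names, byte offsets (taken from the USB Audio Class 1.0 Type I format descriptor layout) and sample descriptors are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte offsets in a USB Audio Class 1.0 Type I format descriptor. */
enum { OFF_LENGTH = 0, OFF_NR_CHANNELS = 4, OFF_SUBFRAME_SIZE = 5, MIN_LEN = 8 };

struct stream { unsigned int channels, frame_bytes; };

/* Constructed samples: 10 channels x 3-byte subframes, and a zero-channel copy. */
static const uint8_t good_desc[] = {0x0b,0x24,0x02,0x01,0x0a,0x03,0x18,0x01,0x80,0xbb,0x00};
static const uint8_t zero_ch_desc[] = {0x0b,0x24,0x02,0x01,0x00,0x03,0x18,0x01,0x80,0xbb,0x00};

/* Hypothetical helper: validate device-supplied fields before deriving
 * frame_bytes. Returns 0 on success, -1 when the descriptor is rejected. */
int stream_from_descriptor(const uint8_t *buf, size_t len, struct stream *s)
{
    if (len < MIN_LEN || buf[OFF_LENGTH] < MIN_LEN || buf[OFF_LENGTH] > len)
        return -1;                 /* truncated or inconsistent length */
    if (buf[OFF_NR_CHANNELS] == 0)
        return -1;                 /* mirrors the described fix: reject zero channels */
    if (buf[OFF_SUBFRAME_SIZE] == 0)
        return -1;                 /* extra check in this model only */
    s->channels = buf[OFF_NR_CHANNELS];
    s->frame_bytes = s->channels * buf[OFF_SUBFRAME_SIZE];
    return 0;
}

/* Models the completion-handler arithmetic: transferred bytes -> whole frames.
 * Guarding the divisor here is defence in depth, not the upstream fix. */
int frames_in_urb(const struct stream *s, unsigned int actual_length, unsigned int *frames)
{
    if (s->frame_bytes == 0)
        return -1;
    *frames = actual_length / s->frame_bytes;
    return 0;
}

int main(void)
{
    struct stream s = {0, 0};
    unsigned int frames = 0;
    printf("zero-channel descriptor: %d\n", stream_from_descriptor(zero_ch_desc, sizeof zero_ch_desc, &s));
    if (stream_from_descriptor(good_desc, sizeof good_desc, &s) == 0 && frames_in_urb(&s, 300, &frames) == 0)
        printf("frame_bytes=%u frames=%u\n", s.frame_bytes, frames);
    return 0;
}
```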

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the referenced stable commits when available from your distribution
  • For systems using Edirol UA-101 USB audio interfaces, verify kernel version includes the fix
  • Restrict physical access to USB ports to prevent connection of malicious USB devices
  • Monitor for kernel updates addressing CVE-2026-46184 in distribution security advisories
  • Consider disabling USB autosuspend for audio devices if hotplugging untrusted devices is required

Evidence notes

The CVE description and kernel.org commit references confirm this is a division-by-zero vulnerability in the UA-101 USB audio driver. The fix adds validation for bNrChannels in detect_usb_format() to prevent zero values from reaching URB completion handlers. Five stable kernel commits are referenced, indicating backports to multiple kernel versions. No CVSS score has been assigned yet (status: Awaiting Analysis).

Official resources

2026-05-28