CVE-2026-23078

Unknown Unknown - Not Provided

Buffer Overflow in Linux ALSA Scarlett2 USB Config Retrieval

Publication date: 2026-02-04

Last updated on: 2026-03-18

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Fix buffer overflow in config retrieval The scarlett2_usb_get_config() function has a logic error in the endianness conversion code that can cause buffer overflows when count > 1. The code checks `if (size == 2)` where `size` is the total buffer size in bytes, then loops `count` times treating each element as u16 (2 bytes). This causes the loop to access `count * 2` bytes when the buffer only has `size` bytes allocated. Fix by checking the element size (config_item->size) instead of the total buffer size. This ensures the endianness conversion matches the actual element type.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-02-04

Last Modified

2026-03-18

Generated

2026-06-17

AI Q&A

2026-02-04

EPSS Evaluated

2026-06-15

NVD

CVE-2026-23078

Affected Vendors & Products

Vendor	Product	Version / Range
linux	linux_kernel	6.19
linux	linux_kernel	6.19
linux	linux_kernel	6.19
linux	linux_kernel	6.19
linux	linux_kernel	6.19
linux	linux_kernel	From 5.16 (inc) to 6.1.162 (exc)
linux	linux_kernel	From 6.2 (inc) to 6.6.122 (exc)
linux	linux_kernel	From 6.7 (inc) to 6.12.68 (exc)
linux	linux_kernel	From 6.13 (inc) to 6.18.8 (exc)
linux	linux_kernel	6.19
linux	linux_kernel	From 5.14 (inc) to 5.15.199 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-787	The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

Executive Summary

This vulnerability exists in the Linux kernel's ALSA scarlett2 driver, specifically in the scarlett2_usb_get_config() function.

There is a logic error in the endianness conversion code that can cause a buffer overflow when the count of elements is greater than 1.

The function incorrectly checks the total buffer size in bytes (size) instead of the size of each element, leading to accessing more bytes than allocated.

The fix involves checking the element size rather than the total buffer size to ensure the conversion matches the actual element type and prevent buffer overflow.

Impact Analysis

A buffer overflow vulnerability can lead to memory corruption, which may cause system crashes or unpredictable behavior.

In some cases, such vulnerabilities can be exploited by attackers to execute arbitrary code or escalate privileges, depending on the context and exploitability.

Since this vulnerability is in a kernel driver, successful exploitation could impact system stability and security.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2026-23078. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-23078

Buffer Overflow in Linux ALSA Scarlett2 USB Config Retrieval

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart