CVE-2026-23078
Unknown Unknown - Not Provided
Buffer Overflow in Linux ALSA Scarlett2 USB Config Retrieval

Publication date: 2026-02-04

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Fix buffer overflow in config retrieval The scarlett2_usb_get_config() function has a logic error in the endianness conversion code that can cause buffer overflows when count > 1. The code checks `if (size == 2)` where `size` is the total buffer size in bytes, then loops `count` times treating each element as u16 (2 bytes). This causes the loop to access `count * 2` bytes when the buffer only has `size` bytes allocated. Fix by checking the element size (config_item->size) instead of the total buffer size. This ensures the endianness conversion matches the actual element type.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-18
Generated
2026-05-07
AI Q&A
2026-02-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23078
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 5.16 (inc) to 6.1.162 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.122 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.68 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.8 (exc)
linux linux_kernel 6.19
linux linux_kernel From 5.14 (inc) to 5.15.199 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's ALSA scarlett2 driver, specifically in the scarlett2_usb_get_config() function.

There is a logic error in the endianness conversion code that can cause a buffer overflow when the count of elements is greater than 1.

The function incorrectly checks the total buffer size in bytes (size) instead of the size of each element, leading to accessing more bytes than allocated.

The fix involves checking the element size rather than the total buffer size to ensure the conversion matches the actual element type and prevent buffer overflow.


How can this vulnerability impact me? :

A buffer overflow vulnerability can lead to memory corruption, which may cause system crashes or unpredictable behavior.

In some cases, such vulnerabilities can be exploited by attackers to execute arbitrary code or escalate privileges, depending on the context and exploitability.

Since this vulnerability is in a kernel driver, successful exploitation could impact system stability and security.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart