CVE-2026-43279
Undergoing Analysis Undergoing Analysis - In Progress
Buffer Overflow in Linux Kernel ALSA USB Audio Driver

Publication date: 2026-05-06

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But when the setup in the capture stream differs from the playback stream (e.g. due to the USB core limitation of max packet size), such an inconsistency may lead to OOB writes to the buffer, resulting in a crash. For addressing it, add a sanity check of the transfer buffer size at prepare_silent_urb(), and stop the data copy if the received data overflows. Also, report back the transfer error properly from there, too. Note that this doesn't fix the root cause of the playback error itself, but this merely covers the kernel Oops.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43279
EUVD
EUVD-2026-27677
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 3.5 (inc) to 5.15.202 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's ALSA usb-audio component. It occurs when silencing playback URB packets in implicit feedback mode before actual playback. The code assumes that the received packets fit within the buffer size, but if the capture stream setup differs from the playback stream (for example, due to USB core limitations on maximum packet size), this mismatch can cause out-of-bounds (OOB) writes to the buffer.

These OOB writes can lead to a kernel crash. The fix involves adding a sanity check on the transfer buffer size to prevent copying data that would overflow the buffer and properly reporting transfer errors. However, this fix does not address the root cause of the playback error itself, only the kernel crash resulting from it.

Impact Analysis

This vulnerability can cause the Linux kernel to crash due to out-of-bounds writes in the ALSA usb-audio driver when handling certain USB audio playback streams. Such crashes can lead to system instability, potential denial of service, and interruption of audio playback functionality.

Mitigation Strategies

The vulnerability has been resolved by adding a sanity check in the Linux kernel's ALSA usb-audio driver to prevent out-of-bounds writes during playback silencing. To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.

Since the issue relates to the kernel's handling of USB audio playback buffers, applying the official kernel patch or upgrading to the latest kernel release that contains this fix is the recommended mitigation step.

Detection Guidance

This vulnerability involves out-of-bounds (OOB) writes in the ALSA usb-audio driver within the Linux kernel, which can cause kernel crashes (kernel Oops). Detection would primarily involve monitoring for kernel crash logs or Oops messages related to usb-audio or ALSA playback.

There are no specific commands provided in the available information to detect this vulnerability directly.

However, general approaches to detect issues related to this vulnerability include:

  • Checking kernel logs for OOB write or usb-audio related errors using: dmesg | grep -i usb_audio
  • Monitoring system logs for kernel Oops or crash messages: journalctl -k | grep -i oops
  • Verifying the kernel version and ensuring it includes the patch that adds the sanity check for OOB writes in usb-audio.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43279. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart