CVE-2026-43279
Buffer Overflow in Linux Kernel ALSA USB Audio Driver
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves out-of-bounds (OOB) writes in the ALSA usb-audio driver within the Linux kernel, which can cause kernel crashes (kernel Oops). Detection would primarily involve monitoring for kernel crash logs or Oops messages related to usb-audio or ALSA playback.
There are no specific commands provided in the available information to detect this vulnerability directly.
However, general approaches to detect issues related to this vulnerability include:
- Checking kernel logs for OOB write or usb-audio related errors using: `dmesg | grep -i usb_audio`
- Monitoring system logs for kernel Oops or crash messages: `journalctl -k | grep -i oops`
- Verifying the kernel version and ensuring it includes the patch that adds the sanity check for OOB writes in usb-audio.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ALSA usb-audio component. It occurs when silencing playback URB packets in implicit feedback mode before actual playback. The code assumes that the received packets fit within the buffer size, but if the capture stream setup differs from the playback stream (for example, due to USB core limitations on maximum packet size), this mismatch can cause out-of-bounds (OOB) writes to the buffer.
These OOB writes can lead to a kernel crash. The fix involves adding a sanity check on the transfer buffer size to prevent copying data that would overflow the buffer and properly reporting transfer errors. However, this fix does not address the root cause of the playback error itself, only the kernel crash resulting from it.
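The size check described above, modelled in user-space C as an added example (this is not the kernel patch or code from this page). The function names are hypothetical, the packet lengths stand in for sizes derived from the capture stream, and `-EINVAL` is an assumed error code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked form: assumes the packet lengths (taken from the capture side in
 * implicit feedback mode) always fit the playback buffer. Comparison only. */
void silence_unchecked(unsigned char *buf, const size_t *pkt_len, size_t npkts)
{
    size_t off = 0;
    for (size_t i = 0; i < npkts; i++) {
        memset(buf + off, 0, pkt_len[i]);   /* can run past the buffer end */
        off += pkt_len[i];
    }
}

/* Checked form: validate every packet against buf_size before writing, so a
 * mismatched transfer is rejected whole and reported to the caller.
 * -EINVAL is an assumed error code, not taken from the kernel fix. */
int silence_checked(unsigned char *buf, size_t buf_size,
                    const size_t *pkt_len, size_t npkts)
{
    size_t off = 0;
    for (size_t i = 0; i < npkts; i++) {
        /* off <= buf_size holds here, so the subtraction cannot wrap */
        if (pkt_len[i] > buf_size - off)
            return -EINVAL;
        off += pkt_len[i];
    }
    silence_unchecked(buf, pkt_len, npkts); /* safe: all lengths verified */
    return 0;
}

int main(void)
{
    unsigned char buf[16];
    size_t fits[] = { 8, 8 };      /* constructed: matches the 16-byte buffer */
    size_t too_big[] = { 8, 12 };  /* constructed: capture side uses larger packets */

    memset(buf, 0xAA, sizeof buf);
    printf("matching setup:   %d\n", silence_checked(buf, sizeof buf, fits, 2));
    printf("mismatched setup: %d\n", silence_checked(buf, sizeof buf, too_big, 2));
    return 0;
}
```

As in the fix the page describes, the check only stops the overflow and surfaces an error; the stream mismatch that produced the oversized lengths is still there.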
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to crash due to out-of-bounds writes in the ALSA usb-audio driver when handling certain USB audio playback streams. Such crashes can lead to system instability, potential denial of service, and interruption of audio playback functionality.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by adding a sanity check in the Linux kernel's ALSA usb-audio driver to prevent out-of-bounds writes during playback silencing. To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.
Since the issue relates to the kernel's handling of USB audio playback buffers, applying the official kernel patch or upgrading to the latest kernel release that contains this fix is the recommended mitigation step.