CVE-2026-46179
Pointer Operations Bypass in Linux Kernel ASoC SOF
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | linux_kernel | * |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ASoC (ALSA System on Chip) SOF (Sound Open Firmware) component. It involves pointer operations on unconfigured compressed audio streams. Specifically, when reporting the pointer for a compressed stream, the current I/O frame position is calculated by dividing the position by the product of the number of channels and the number of container bytes. These values default to zero and are only set when stream parameters are configured. If these values remain zero, a divide-by-zero error can occur. The vulnerability was fixed by validating that these values are non-zero and returning an error if they are not.
How can this vulnerability impact me? :
This vulnerability can lead to a divide-by-zero error in the Linux kernel's audio subsystem when handling compressed streams that are not properly configured. Such an error could potentially cause a kernel crash or instability, affecting system reliability and availability.