CVE-2026-52963
ANALYSIS PENDINGALSA: usb-audio: Bound MIDI endpoint descriptor scans
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans snd_usbmidi_get_ms_info() validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID[], but the descriptor walker can still return a class-specific endpoint descriptor whose bLength exceeds the remaining bytes in the endpoint-extra scan. That leaves later flexible-array reads bounded by bLength, but not by the remaining bytes in the endpoint-extra scan. Stop walking when bLength is zero or extends past the remaining endpoint-extra scan.
References (8)
Core 8
Core References
Scores
EPSS
0.0018
EPSS Percentile
8.2%
Details
Status
published
Products (35)
linux/Kernel
5.11.0 - 5.15.209linux
linux/Kernel
5.16.0 - 6.1.175linux
linux/Kernel
5.7.0 - 5.10.258linux
linux/Kernel
6.13.0 - 6.18.33linux
linux/Kernel
6.19.0 - 7.0.10linux
linux/Kernel
6.2.0 - 6.6.141linux
linux/Kernel
6.7.0 - 6.12.91linux
Linux/Linux
< 5.7
Linux/Linux
0868bc5654c07628c421547f0821650a8c2cb8f3
Linux/Linux
4.14.200 - 4.15
... and 25 more
Published
Jun 24, 2026
Tracked Since
Jun 24, 2026