Linux Distros Unpatched Vulnerability : CVE-2026-46146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to valida...

CVE-2026-46146

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

CVE-2026-46146

In the Linux kernel’s ALSA usb-audio driver, the convert_chmap_v3() loop used cs_desc->wLength as the increment without validating the length, which may cause an endless loop on malformed descriptors. A proper size check was added to abort the loop, mitigating the issue. Affected component: Li...

CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

EUVD-2026-32773

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

PT-2026-44269

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ALSA usb-audio component within the convert chmap v3 function. The function contains a loop that uses the cs desc-wLength variable to determine the increment size...

DEBIAN-CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in respmodeselect+0xa4c/0xb40 drivers/scsi/scsidebug.c:2509...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed out-of-bounds reads when finding clock sources The current USB-audio driver code does not check the bLength value of each descriptor during traversal. This means that when a device provides a bogus descript...

CVE-2026-35215

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005186)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005186 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver...

SUSE CVE-2025-71093

In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000tbishouldaccept In e1000tbishouldaccept we read the last byte of the frame via 'datalength - 1' to evaluate the TBI workaround. If the descriptor- reported length is zero or larger than the actual RX buffer...

CVE-2025-71093 e1000: fix OOB in e1000_tbi_should_accept()

In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000tbishouldaccept In e1000tbishouldaccept we read the last byte of the frame via 'datalength - 1' to evaluate the TBI workaround. If the descriptor- reported length is zero or larger than the actual RX buffer...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unverified descriptor report length in the e1000tbishouldaccept function, which could lead to an...

Espressif ESP-IDF 资源管理错误漏洞

Espressif ESP-IDF is an IoT development framework from China Loxin Espressif. A resource management error vulnerability exists in versions of Espressif ESP-IDF prior to 1.1.0, which stems from the use of outdated pointers when handling the length of an attacker-controlled report descriptor, which...

kernel: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()

A flaw exists in the Linux kernel’s HID multitouch driver function mtreportfixup in drivers/hid/hid-multitouch.c. A malicious HID device may supply a report descriptor smaller than 607 bytes; the function then attempts to access and patch byte offset 607 without first verifying the descriptor...

kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...

kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990262)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990262 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989262)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989262 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity...