In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

The convert_chmap_v3() has a loop with its increment size of
cs_desc->wLength, but we forgot to validate cs_desc->wLength itself,
which may lead to potential endless loop by a malformed descriptor.

Add a proper size check to abort the loop for plugging the hole.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
1034719fdefd26caeec0a44a868bb5a412c2c1a5 affected < e0e3dcf48189603f3865f1a0b799b3b42baae96d
ae17b3b5e753efc239421d186cd1ff06e5ac296e affected < 4e0ee232ebe3df04874125d7c7f3e6c25ea5483d
ecfd41166b72b67d3bdeb88d224ff445f6163869 affected < be09b47ed8677d76962e3240c145502e2ad9f3c8
ecfd41166b72b67d3bdeb88d224ff445f6163869 affected < fa5b19ce69067874b1413f3c2027563bae8c2cb3
ecfd41166b72b67d3bdeb88d224ff445f6163869 affected < 6e7247d8f5fefeceb0bb9cc80a5388a636b219cd
799c06ad4c9c790c265e8b6b94947213f1fb389c affected
786571b10b1ae6d90e1242848ce78ee7e1d493c4 affected
275e37532e8ebe25e8a4069b2d9f955bfd202a46 affected
47ab3d820cb0a502bd0074f83bb3cf7ab5d79902 affected
dfdcbcde5c20df878178245d4449feada7d5b201 affected
7ef3fd250f84494fb2f7871f357808edaa1fc6ce affected
6.6.103 affected < 6.6.140
6.12.43 affected < 6.12.88
5.4.297 affected < 5.5
5.10.241 affected < 5.11
5.15.190 affected < 5.16
6.1.149 affected < 6.2
6.15.11 affected < 6.16
6.16.2 affected < 6.17
Linux Linux affected
Version Status Constraints
6.17 affected
0 unaffected < 6.17
6.6.140 unaffected ≤ 6.6.*
6.12.88 unaffected ≤ 6.12.*
6.18.30 unaffected ≤ 6.18.*
7.0.7 unaffected ≤ 7.0.*
7.1-rc2 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/4e0ee232ebe3df04874125d7c7f3e6c25ea5483d cve-icon cve-icon
https://git.kernel.org/stable/c/6e7247d8f5fefeceb0bb9cc80a5388a636b219cd cve-icon cve-icon
https://git.kernel.org/stable/c/be09b47ed8677d76962e3240c145502e2ad9f3c8 cve-icon cve-icon
https://git.kernel.org/stable/c/e0e3dcf48189603f3865f1a0b799b3b42baae96d cve-icon cve-icon
https://git.kernel.org/stable/c/fa5b19ce69067874b1413f3c2027563bae8c2cb3 cve-icon cve-icon
History

Thu, 28 May 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() The convert_chmap_v3() has a loop with its increment size of cs_desc->wLength, but we forgot to validate cs_desc->wLength itself, which may lead to potential endless loop by a malformed descriptor. Add a proper size check to abort the loop for plugging the hole.
Title ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:36:02.794Z

Reserved: 2026-05-13T15:03:33.100Z

Link: CVE-2026-46146

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-28T10:16:30.203

Modified: 2026-05-28T10:16:30.203

Link: CVE-2026-46146

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T11:45:16Z

Weaknesses