Linux Kernel Vulnerability in ALSA Control Affecting Multiple Versions
CVE-2026-46088
What is CVE-2026-46088?
A vulnerability has been identified in the Linux kernel's ALSA control code, caused by inadequate validation of the remaining buffer length in the snd_ctl_elem_init_enum_names() function. If the buffer length (buf_len) reaches zero while items still remain to be parsed, the function may proceed to call strnlen() on an exhausted buffer, leading to potential memory access violations. A BRK exception panic can occur if this situation arises during parsing; it was primarily noted in kernel fuzz testing conducted on a Xiaomi smartphone. The fix adds a check of buf_len at the entry of the loop to prevent such errors.
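The loop-entry check described above, as a userspace C model added here for illustration (it is not the kernel's code). The names validate_enum_names(), bounded_len() and MAX_NAME_LEN, and the per-name rejection rules, are assumptions of this sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MAX_NAME_LEN 64 /* assumed per-name limit for this sketch */

/* Portable stand-in for strnlen(s, max). */
static size_t bounded_len(const char *s, size_t max)
{
    const char *nul = memchr(s, '\0', max);
    return nul ? (size_t)(nul - s) : max;
}

/*
 * Validate a packed list of NUL-terminated names: `items` names are
 * expected inside names[0..buf_len). Returns 0 if every expected name
 * is present and well formed, -EINVAL otherwise.
 */
int validate_enum_names(const char *names, size_t buf_len, unsigned int items)
{
    const char *p = names;
    unsigned int i;

    for (i = 0; i < items; ++i) {
        size_t name_len;

        /* The safeguard: the buffer is used up but names are still
         * expected. Without it, the length scan below would be handed
         * a pointer just past the data with zero bytes remaining. */
        if (buf_len == 0)
            return -EINVAL;

        name_len = bounded_len(p, buf_len);
        /* Reject empty, over-long, or unterminated names. */
        if (name_len == 0 || name_len >= MAX_NAME_LEN || name_len == buf_len)
            return -EINVAL;

        p += name_len + 1;       /* skip the name and its NUL */
        buf_len -= name_len + 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed input: two names fill the buffer, three are claimed. */
    return validate_enum_names("a\0b", 4, 3) == -EINVAL ? 0 : 1;
}
```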
Affected Version(s)
Linux 8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4 < 1fbe46d2b72754d8bd580e13e59ccb5d3d0e8cb0
Linux 8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4 < 8ba0214c3dd32b8ec652947e3f2bc5b8f6e6be9e
Linux 8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4 < 654c818a69c21d2bea4e8fd9eae7da865df9a5c8