{"api_version":"1","generated_at":"2026-05-31T20:15:22+00:00","cve":"CVE-2026-46146","urls":{"html":"https://cve.report/CVE-2026-46146","api":"https://cve.report/api/cve/CVE-2026-46146.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-46146","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-46146"},"summary":{"title":"ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()\n\nThe convert_chmap_v3() has a loop with its increment size of\ncs_desc->wLength, but we forgot to validate cs_desc->wLength itself,\nwhich may lead to potential endless loop by a malformed descriptor.\n\nAdd a proper size check to abort the loop for plugging the hole.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-28 10:16:30","updated_at":"2026-05-28 13:44:01"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/e0e3dcf48189603f3865f1a0b799b3b42baae96d","name":"https://git.kernel.org/stable/c/e0e3dcf48189603f3865f1a0b799b3b42baae96d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/6e7247d8f5fefeceb0bb9cc80a5388a636b219cd","name":"https://git.kernel.org/stable/c/6e7247d8f5fefeceb0bb9cc80a5388a636b219cd","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/be09b47ed8677d76962e3240c145502e2ad9f3c8","name":"https://git.kernel.org/stable/c/be09b47ed8677d76962e3240c145502e2ad9f3c8","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/fa5b19ce69067874b1413f3c2027563bae8c2cb3","name":"https://git.kernel.org/stable/c/fa5b19ce69067874b1413f3c2027563bae8c2cb3","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/4e0ee232ebe3df04874125d7c7f3e6c25ea5483d","name":"https://git.kernel.org/stable/c/4e0ee232ebe3df04874125d7c7f3e6c25ea5483d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46146","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46146","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1034719fdefd26caeec0a44a868bb5a412c2c1a5 e0e3dcf48189603f3865f1a0b799b3b42baae96d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ae17b3b5e753efc239421d186cd1ff06e5ac296e 4e0ee232ebe3df04874125d7c7f3e6c25ea5483d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ecfd41166b72b67d3bdeb88d224ff445f6163869 be09b47ed8677d76962e3240c145502e2ad9f3c8 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ecfd41166b72b67d3bdeb88d224ff445f6163869 fa5b19ce69067874b1413f3c2027563bae8c2cb3 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ecfd41166b72b67d3bdeb88d224ff445f6163869 6e7247d8f5fefeceb0bb9cc80a5388a636b219cd git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 799c06ad4c9c790c265e8b6b94947213f1fb389c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 786571b10b1ae6d90e1242848ce78ee7e1d493c4 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 275e37532e8ebe25e8a4069b2d9f955bfd202a46 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 47ab3d820cb0a502bd0074f83bb3cf7ab5d79902 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected dfdcbcde5c20df878178245d4449feada7d5b201 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7ef3fd250f84494fb2f7871f357808edaa1fc6ce git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.6.103 6.6.140 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.12.43 6.12.88 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.4.297 5.5 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.10.241 5.11 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.15.190 5.16 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.1.149 6.2 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.15.11 6.16 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.16.2 6.17 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.17","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.17 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.140 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.88 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.30 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0.7 7.0.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.1-rc2 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"46146","cve":"CVE-2026-46146","epss":"0.000180000","percentile":"0.051570000","score_date":"2026-05-30","updated_at":"2026-05-31 00:14:03"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["sound/usb/stream.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"e0e3dcf48189603f3865f1a0b799b3b42baae96d","status":"affected","version":"1034719fdefd26caeec0a44a868bb5a412c2c1a5","versionType":"git"},{"lessThan":"4e0ee232ebe3df04874125d7c7f3e6c25ea5483d","status":"affected","version":"ae17b3b5e753efc239421d186cd1ff06e5ac296e","versionType":"git"},{"lessThan":"be09b47ed8677d76962e3240c145502e2ad9f3c8","status":"affected","version":"ecfd41166b72b67d3bdeb88d224ff445f6163869","versionType":"git"},{"lessThan":"fa5b19ce69067874b1413f3c2027563bae8c2cb3","status":"affected","version":"ecfd41166b72b67d3bdeb88d224ff445f6163869","versionType":"git"},{"lessThan":"6e7247d8f5fefeceb0bb9cc80a5388a636b219cd","status":"affected","version":"ecfd41166b72b67d3bdeb88d224ff445f6163869","versionType":"git"},{"status":"affected","version":"799c06ad4c9c790c265e8b6b94947213f1fb389c","versionType":"git"},{"status":"affected","version":"786571b10b1ae6d90e1242848ce78ee7e1d493c4","versionType":"git"},{"status":"affected","version":"275e37532e8ebe25e8a4069b2d9f955bfd202a46","versionType":"git"},{"status":"affected","version":"47ab3d820cb0a502bd0074f83bb3cf7ab5d79902","versionType":"git"},{"status":"affected","version":"dfdcbcde5c20df878178245d4449feada7d5b201","versionType":"git"},{"status":"affected","version":"7ef3fd250f84494fb2f7871f357808edaa1fc6ce","versionType":"git"},{"lessThan":"6.6.140","status":"affected","version":"6.6.103","versionType":"semver"},{"lessThan":"6.12.88","status":"affected","version":"6.12.43","versionType":"semver"},{"lessThan":"5.5","status":"affected","version":"5.4.297","versionType":"semver"},{"lessThan":"5.11","status":"affected","version":"5.10.241","versionType":"semver"},{"lessThan":"5.16","status":"affected","version":"5.15.190","versionType":"semver"},{"lessThan":"6.2","status":"affected","version":"6.1.149","versionType":"semver"},{"lessThan":"6.16","status":"affected","version":"6.15.11","versionType":"semver"},{"lessThan":"6.17","status":"affected","version":"6.16.2","versionType":"semver"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["sound/usb/stream.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.17"},{"lessThan":"6.17","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.140","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.88","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.30","versionType":"semver"},{"lessThanOrEqual":"7.0.*","status":"unaffected","version":"7.0.7","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.1-rc2","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.140","versionStartIncluding":"6.6.103","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.88","versionStartIncluding":"6.12.43","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.30","versionStartIncluding":"6.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.7","versionStartIncluding":"6.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1-rc2","versionStartIncluding":"6.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.297","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.241","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.190","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.149","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15.11","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16.2","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()\n\nThe convert_chmap_v3() has a loop with its increment size of\ncs_desc->wLength, but we forgot to validate cs_desc->wLength itself,\nwhich may lead to potential endless loop by a malformed descriptor.\n\nAdd a proper size check to abort the loop for plugging the hole."}],"providerMetadata":{"dateUpdated":"2026-05-28T09:36:02.794Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/e0e3dcf48189603f3865f1a0b799b3b42baae96d"},{"url":"https://git.kernel.org/stable/c/4e0ee232ebe3df04874125d7c7f3e6c25ea5483d"},{"url":"https://git.kernel.org/stable/c/be09b47ed8677d76962e3240c145502e2ad9f3c8"},{"url":"https://git.kernel.org/stable/c/fa5b19ce69067874b1413f3c2027563bae8c2cb3"},{"url":"https://git.kernel.org/stable/c/6e7247d8f5fefeceb0bb9cc80a5388a636b219cd"}],"title":"ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-46146","datePublished":"2026-05-28T09:36:02.794Z","dateReserved":"2026-05-13T15:03:33.100Z","dateUpdated":"2026-05-28T09:36:02.794Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-28 10:16:30","lastModifiedDate":"2026-05-28 13:44:01","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"46146","Ordinal":"1","Title":"ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v","CVE":"CVE-2026-46146","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"46146","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()\n\nThe convert_chmap_v3() has a loop with its increment size of\ncs_desc->wLength, but we forgot to validate cs_desc->wLength itself,\nwhich may lead to potential endless loop by a malformed descriptor.\n\nAdd a proper size check to abort the loop for plugging the hole.","Type":"Description","Title":"ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v"}]}}}