CVE-2026-23078
Severity
7.8HIGH
EPSS
0.0%
top 95.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 4
Latest updateApr 9
Description
In the Linux kernel, the following vulnerability has been resolved:
ALSA: scarlett2: Fix buffer overflow in config retrieval
The scarlett2_usb_get_config() function has a logic error in the
endianness conversion code that can cause buffer overflows when
count > 1.
The code checks `if (size == 2)` where `size` is the total buffer size in
bytes, then loops `count` times treating each element as u16 (2 bytes).
This causes the loop to access `count * 2` bytes when the buffer only
has `size` bytes…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
▶CVEListV5linux/linuxac34df733d2dfe3b553897a1e9e1a44414f09834 — d5e80d1f97ae55bcea1426f551e4419245b41b9c+6
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-25gw-4v5m-94pp: In the Linux kernel, the following vulnerability has been resolved:
ALSA: scarlett2: Fix buffer overflow in config retrieval
The scarlett2_usb_get_c↗2026-02-04
OSV▶
CVE-2026-23078: In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Fix buffer overflow in config retrieval The scarlett2_usb_get_con↗2026-02-04