CVE-2026-23208

CWE-787Out-of-bounds WriteCWE-8058 documents8 sources
Severity
7.8HIGH
EPSS
0.0%
top 96.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux LinuxLinux Linux Kernel
Timeline
PublishedFeb 14

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate 22050 / pps 1000, and packsize[0] 22 packsize[1] 23. The buffer size for each data URB is maxpacksize * packets, which in this example is 40 * 6 = 240; When the user performs a write operation to send audio data into the ALSA PCM playback stream, the calculated number of frames is packsize[0] * pac

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel4.14.1864.14.188+7
CVEListV5linux/linux02c56650f3c118d3752122996d96173d26bb13aa480a1490c595a242f27493a4544b3efb21b29f6a+8
Debianlinux< 6.18.10-1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
CVEList
ALSA: usb-audio: Prevent excessive number of frames2026-02-14
GHSA
GHSA-gmr7-w89v-rr2q: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user const2026-02-14
OSV
CVE-2026-23208: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constru2026-02-14

📋Vendor Advisories

3
Red Hat
kernel: ALSA: usb-audio: Prevent excessive number of frames2026-02-14
Microsoft
ALSA: usb-audio: Prevent excessive number of frames2026-02-10
Debian
CVE-2026-23208: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-a...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23208 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23208 (HIGH CVSS 7.8) | In the Linux kernel | cvebase.io