CVE-2026-23318Improper Validation of Specified Type of Input in Linux

CWE-1287Improper Validation of Specified Type of Input8 documents7 sources
Severity
7.7HIGH
No vector
EPSS
0.0%
top 90.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UAC_VERSION_2, while it should have been UAC_VERSION_3. This results in the validator never matching for actual UAC3 devices (protocol == UAC_VERSION_3), causing their header descriptors to bypass validation entirely. A malicious USB device presenting a trunc

Affected Packages5 packages

Linuxlinux/linux_kernel5.4.06.1.167+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux57f8770620e9b51c61089751f0b5ad3dbe376ff20dcd1ed96c03459cf14706885c9dd3c1fd8bd29f+8
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2026-23318: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the v2026-03-25
OSV
ALSA: usb-audio: Use correct version for UAC3 header validation2026-03-25
GHSA
GHSA-x63j-v2j2-m8fv: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: ALSA: usb-audio: Use correct version for UAC3 header validation2026-03-25
Microsoft
ALSA: usb-audio: Use correct version for UAC3 header validation2026-03-10
Debian
CVE-2026-23318: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-a...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23318 Impact, Exploitability, and Mitigation Steps | Wiz