SB2026050263 - Out-of-bounds read in Linux kernel usb caiaq
Published: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-31778)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an attacker with physical access to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the ALSA caiaq init_card path when processing a crafted USB device product name. An attacker with physical access can connect a specially crafted USB device to disclose sensitive information.
The issue is triggered by a product name containing many non-ASCII, non-space characters, which can cause a non-null-terminated string to be scanned past the end of a stack buffer.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/02d9c5b0b5553a391448b6d655262bd829f90234
- https://git.kernel.org/stable/c/3178b62e2e31bab39f63d4c8e54bf4ee0a425627
- https://git.kernel.org/stable/c/3afa2e67f3523a980a2f90fd63c22322ac2b9ce0
- https://git.kernel.org/stable/c/3f7f8bae0d52cbd07ab04b76b6aac89ef98ee9f6
- https://git.kernel.org/stable/c/45424e871abf2a152e247a9cff78359f18dd95c0
- https://git.kernel.org/stable/c/66194c2575a4f567577ae70b1d7561163ce791a6
- https://git.kernel.org/stable/c/7594a6464873d90fd229e5b94cdd3b92c9feabed
- https://git.kernel.org/stable/c/a82c1bce2d1299dd3c686a8fe48cf75b79a403c7