SB2026050731 - Out-of-bounds write in Linux kernel usb
Published: May 7, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-43279)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an out-of-bounds write in prepare_silent_urb() when silencing playback URB packets in implicit feedback mode before actual playback. A local user can trigger inconsistent capture and playback stream packet sizing to cause a denial of service.
The issue can occur when the capture stream setup differs from the playback stream setup, such as due to USB core maximum packet size limitations.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/6af16f1b8649df4c00d6ced924bdd8b72c885b6a
- https://git.kernel.org/stable/c/780dc57794a217b49994fa1d0b42465fb10a00aa
- https://git.kernel.org/stable/c/8995fc0e00b3fee9bf7ecb3d836b635b730c1049
- https://git.kernel.org/stable/c/ccaf9296763be4f76b59e2cac377006016c34435
- https://git.kernel.org/stable/c/fa01973bb79d70c4736b6a4b2de99fbb2cbc8d1f
- https://git.kernel.org/stable/c/fba2105a157fffcf19825e4eea498346738c9948
- https://git.kernel.org/stable/c/fc9e5af60dc199051dc202ae78e1fe76a9977a5e