SB2026050731 - Out-of-bounds write in Linux kernel usb



SB2026050731 - Out-of-bounds write in Linux kernel usb

Published: May 7, 2026

Security Bulletin ID SB2026050731
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds write (CVE-ID: CVE-2026-43279)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to out-of-bounds write in prepare_silent_urb() when silencing playback URB packets in implicit feedback mode before actual playback. A local user can trigger inconsistent capture and playback stream packet sizing to cause a denial of service.

The issue can occur when the capture stream setup differs from the playback stream setup, such as due to USB core maximum packet size limitations.


Remediation

Install update from vendor's website.