Out-of-bounds read in Linux kernel - CVE-2026-52964
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows an attacker with physical access to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in the USB MIDI 2.0 endpoint descriptor parser when parsing a malformed USB device descriptor. An attacker with physical access can connect a specially crafted USB device to cause a denial of service.
How to mitigate CVE-2026-52964
Sources
- https://git.kernel.org/stable/c/17e76b19de1aff5ff4de64d269290bd1b07a01d3
- https://git.kernel.org/stable/c/918be519c7876329e1b6e2ea1c59f0b75e792dca
- https://git.kernel.org/stable/c/a310b4bebda5e4a1b26520c0cc5145ccd6d617e2
- https://git.kernel.org/stable/c/f9c184a83574549a36ea69b755f650e57d164c78
- https://git.kernel.org/stable/c/fafc97bd01e4c737eaeafadfdadb1af4bbfa7307