{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23076","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.958Z","datePublished":"2026-02-04T16:08:01.204Z","dateUpdated":"2026-05-11T21:59:32.239Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:59:32.239Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ctxfi: Fix potential OOB access in audio mixer handling\n\nIn the audio mixer handling code of ctxfi driver, the conf field is\nused as a kind of loop index, and it's referred in the index callbacks\n(amixer_index() and sum_index()).\n\nAs spotted recently by fuzzers, the current code causes OOB access at\nthose functions.\n| UBSAN: array-index-out-of-bounds in /build/reproducible-path/linux-6.17.8/sound/pci/ctxfi/ctamixer.c:347:48\n| index 8 is out of range for type 'unsigned char [8]'\n\nAfter the analysis, the cause was found to be the lack of the proper\n(re-)initialization of conj field.\n\nThis patch addresses those OOB accesses by adding the proper\ninitializations of the loop indices."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/pci/ctxfi/ctamixer.c"],"versions":[{"version":"8cc72361481f00253f1e468ade5795427386d593","lessThan":"6524205326e0c1a21263b5c14e48e14ef7e449ae","status":"affected","versionType":"git"},{"version":"8cc72361481f00253f1e468ade5795427386d593","lessThan":"afca7ff5d5d4d63a1acb95461f55ca9a729feedf","status":"affected","versionType":"git"},{"version":"8cc72361481f00253f1e468ade5795427386d593","lessThan":"8c1d09806e1441bc6a54b9a4f2818918046d5174","status":"affected","versionType":"git"},{"version":"8cc72361481f00253f1e468ade5795427386d593","lessThan":"a8c42d11b0526a89192bd2f79facb4c60c8a1f38","status":"affected","versionType":"git"},{"version":"8cc72361481f00253f1e468ade5795427386d593","lessThan":"d77ba72558cd66704f0fb7e0969f697e87c0f71c","status":"affected","versionType":"git"},{"version":"8cc72361481f00253f1e468ade5795427386d593","lessThan":"873e2360d247eeee642878fcc3398babff7e387c","status":"affected","versionType":"git"},{"version":"8cc72361481f00253f1e468ade5795427386d593","lessThan":"61006c540cbdedea83b05577dc7fb7fa18fe1276","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/pci/ctxfi/ctamixer.c"],"versions":[{"version":"2.6.31","status":"affected"},{"version":"0","lessThan":"2.6.31","status":"unaffected","versionType":"semver"},{"version":"5.10.249","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.199","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.162","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.122","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.68","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.8","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"5.10.249"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"5.15.199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"6.1.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"6.6.122"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"6.12.68"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"6.18.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6524205326e0c1a21263b5c14e48e14ef7e449ae"},{"url":"https://git.kernel.org/stable/c/afca7ff5d5d4d63a1acb95461f55ca9a729feedf"},{"url":"https://git.kernel.org/stable/c/8c1d09806e1441bc6a54b9a4f2818918046d5174"},{"url":"https://git.kernel.org/stable/c/a8c42d11b0526a89192bd2f79facb4c60c8a1f38"},{"url":"https://git.kernel.org/stable/c/d77ba72558cd66704f0fb7e0969f697e87c0f71c"},{"url":"https://git.kernel.org/stable/c/873e2360d247eeee642878fcc3398babff7e387c"},{"url":"https://git.kernel.org/stable/c/61006c540cbdedea83b05577dc7fb7fa18fe1276"}],"title":"ALSA: ctxfi: Fix potential OOB access in audio mixer handling","x_generator":{"engine":"bippy-1.2.0"}}}}