{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-46018","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-13T15:03:33.092Z","datePublished":"2026-05-27T12:56:19.588Z","dateUpdated":"2026-06-14T17:48:18.248Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-14T17:48:18.248Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES\n\nparse_uac2_sample_rate_range() caps the number of enumerated\nrates at MAX_NR_RATES, but it only breaks out of the current\nrate loop. A malformed UAC2 RANGE response with additional\ntriplets continues parsing the remaining triplets and repeatedly\nprints \"invalid uac2 rates\" while probe still holds\nregister_mutex.\n\nStop the whole parse once the cap is reached and return the\nnumber of rates collected so far."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/usb/format.c"],"versions":[{"version":"4fa0e81b83503900be277e6273a79651b375e288","lessThan":"5436bc1b07d4656f99412dc72871d250d7d55205","status":"affected","versionType":"git"},{"version":"4fa0e81b83503900be277e6273a79651b375e288","lessThan":"0da05fedf5e1966b7e7d389866cb86fcf09f4b32","status":"affected","versionType":"git"},{"version":"4fa0e81b83503900be277e6273a79651b375e288","lessThan":"f14bd323eec4b4f0ef662520ec852e593ece1d4c","status":"affected","versionType":"git"},{"version":"4fa0e81b83503900be277e6273a79651b375e288","lessThan":"ab5ba9fd138758ddc50222264ff246b31e397abf","status":"affected","versionType":"git"},{"version":"4fa0e81b83503900be277e6273a79651b375e288","lessThan":"ba036305323814ec1f8655313b2fa6a0f7048716","status":"affected","versionType":"git"},{"version":"4fa0e81b83503900be277e6273a79651b375e288","lessThan":"4d7893a137eadb6163ea4298bf67d74b811d76ef","status":"affected","versionType":"git"},{"version":"4fa0e81b83503900be277e6273a79651b375e288","lessThan":"a0b78639ef09b2e77974a3de3b1c07f6de3c5e56","status":"affected","versionType":"git"},{"version":"4fa0e81b83503900be277e6273a79651b375e288","lessThan":"3c318f97dcc50b2e0556a1813bd6958678e881fd","status":"affected","versionType":"git"},{"version":"44f059fb742aac78cffdab5e0d8fe0c9910c1ded","status":"affected","versionType":"git"},{"version":"c25a53781f61c78bf2a2fa308bbd35b42ba346f6","status":"affected","versionType":"git"},{"version":"3.0.81","lessThan":"3.1","status":"affected","versionType":"semver"},{"version":"3.2.47","lessThan":"3.3","status":"affected","versionType":"semver"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/usb/format.c"],"versions":[{"version":"3.3","status":"affected"},{"version":"0","lessThan":"3.3","status":"unaffected","versionType":"semver"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"5.10.258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"5.15.209"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"6.1.175"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"6.6.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"6.12.86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"6.18.27"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"7.0.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"7.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.81"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.47"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5436bc1b07d4656f99412dc72871d250d7d55205"},{"url":"https://git.kernel.org/stable/c/0da05fedf5e1966b7e7d389866cb86fcf09f4b32"},{"url":"https://git.kernel.org/stable/c/f14bd323eec4b4f0ef662520ec852e593ece1d4c"},{"url":"https://git.kernel.org/stable/c/ab5ba9fd138758ddc50222264ff246b31e397abf"},{"url":"https://git.kernel.org/stable/c/ba036305323814ec1f8655313b2fa6a0f7048716"},{"url":"https://git.kernel.org/stable/c/4d7893a137eadb6163ea4298bf67d74b811d76ef"},{"url":"https://git.kernel.org/stable/c/a0b78639ef09b2e77974a3de3b1c07f6de3c5e56"},{"url":"https://git.kernel.org/stable/c/3c318f97dcc50b2e0556a1813bd6958678e881fd"}],"title":"ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES","x_generator":{"engine":"bippy-1.2.0"}}}}