{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-46184","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-13T15:03:33.103Z","datePublished":"2026-05-28T09:36:38.134Z","dateUpdated":"2026-06-14T18:00:59.666Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-14T18:00:59.666Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsound: ua101: fix division by zero at probe\n\nAdd a missing sanity check for bNrChannels in detect_usb_format()\nto prevent a division by zero in playback_urb_complete() and\ncapture_urb_complete().\n\nUSB core does not validate class-specific descriptor fields such\nas bNrChannels, so drivers must verify them before use. If a\ndevice provides bNrChannels = 0, frame_bytes becomes zero and is\nlater used as a divisor in the URB completion handlers, leading\nto a kernel crash."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/usb/misc/ua101.c"],"versions":[{"version":"63978ab3e3e963db28093b53bb4598f2702e1ad7","lessThan":"e02897c5b041c9b980055fa9a6167023d6dc5caf","status":"affected","versionType":"git"},{"version":"63978ab3e3e963db28093b53bb4598f2702e1ad7","lessThan":"aae1498c59f48d03ee358df84f07a5af9885f827","status":"affected","versionType":"git"},{"version":"63978ab3e3e963db28093b53bb4598f2702e1ad7","lessThan":"66d9c2ed081f299cfb201d9e9c4faf920e56e0bf","status":"affected","versionType":"git"},{"version":"63978ab3e3e963db28093b53bb4598f2702e1ad7","lessThan":"6162e8212e88c39492d981b248b5e37002486c66","status":"affected","versionType":"git"},{"version":"63978ab3e3e963db28093b53bb4598f2702e1ad7","lessThan":"593dd7e6c890d8e4ca21b3e2f796b7cb8e8da983","status":"affected","versionType":"git"},{"version":"63978ab3e3e963db28093b53bb4598f2702e1ad7","lessThan":"0ff2b713f406e9ecadb406014d74e7a020ac12b1","status":"affected","versionType":"git"},{"version":"63978ab3e3e963db28093b53bb4598f2702e1ad7","lessThan":"f1862dbf09080254c52175a448290c784dd7d3de","status":"affected","versionType":"git"},{"version":"63978ab3e3e963db28093b53bb4598f2702e1ad7","lessThan":"d1f73f169c1014463b5060e3f60813e13ddc7b87","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/usb/misc/ua101.c"],"versions":[{"version":"2.6.34","status":"affected"},{"version":"0","lessThan":"2.6.34","status":"unaffected","versionType":"semver"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"5.10.258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"5.15.209"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.1.175"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.6.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.12.88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"6.18.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"7.0.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e02897c5b041c9b980055fa9a6167023d6dc5caf"},{"url":"https://git.kernel.org/stable/c/aae1498c59f48d03ee358df84f07a5af9885f827"},{"url":"https://git.kernel.org/stable/c/66d9c2ed081f299cfb201d9e9c4faf920e56e0bf"},{"url":"https://git.kernel.org/stable/c/6162e8212e88c39492d981b248b5e37002486c66"},{"url":"https://git.kernel.org/stable/c/593dd7e6c890d8e4ca21b3e2f796b7cb8e8da983"},{"url":"https://git.kernel.org/stable/c/0ff2b713f406e9ecadb406014d74e7a020ac12b1"},{"url":"https://git.kernel.org/stable/c/f1862dbf09080254c52175a448290c784dd7d3de"},{"url":"https://git.kernel.org/stable/c/d1f73f169c1014463b5060e3f60813e13ddc7b87"}],"title":"sound: ua101: fix division by zero at probe","x_generator":{"engine":"bippy-1.2.0"}}}}