AZL-77712

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77712.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-77712

Upstream

CVE-2026-23208

Published

2026-02-14T17:15:58Z

Modified

2026-04-01T05:23:10.400106Z

Summary

CVE-2026-23208 affecting package kernel 6.6.126.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Prevent excessive number of frames

In this case, the user constructed the parameters with maxpacksize 40 for rate 22050 / pps 1000, and packsize[0] 22 packsize[1] 23. The buffer size for each data URB is maxpacksize * packets, which in this example is 40 * 6 = 240; When the user performs a write operation to send audio data into the ALSA PCM playback stream, the calculated number of frames is packsize[0] * packets = 264, which exceeds the allocated URB buffer size, triggering the out-of-bounds (OOB) issue reported by syzbot [1].

Added a check for the number of single data URB frames when calculating the number of frames to prevent [1].

[1] BUG: KASAN: slab-out-of-bounds in copytourb+0x261/0x460 sound/usb/pcm.c:1487 Write of size 264 at addr ffff88804337e800 by task syz.0.17/5506 Call Trace: copytourb+0x261/0x460 sound/usb/pcm.c:1487 prepareplaybackurb+0x953/0x13d0 sound/usb/pcm.c:1611 prepareoutboundurb+0x377/0xc50 sound/usb/endpoint.c:333

References

https://nvd.nist.gov/vuln/detail/CVE-2026-23208

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.6.126.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77712.json"