CVE-2026-46088
- Source
- https://cve.org/CVERecord?id=CVE-2026-46088
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46088.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-46088
- Downstream
- Related
- Published
- 2026-05-27T12:58:31.895Z
- Modified
- 2026-06-05T18:29:38.873483262Z
- Summary
- ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ALSA: control: Validate buflen before strnlen() in sndctleleminitenumnames()
sndctleleminitenumnames() advances pointer p through the names buffer while decrementing buflen. If buf_len reaches zero but items remain, the next iteration calls strnlen(p, 0).
While strnlen(p, 0) returns 0 and would hit the existing namelen == 0 error path, CONFIGFORTIFY_SOURCE's fortified strnlen() first checks maxlen against _builtindynamicobjectsize(). When Clang loses track of p's object size inside the loop, this triggers a BRK exception panic before the return value is examined.
Add a buf_len == 0 guard at the loop entry to prevent calling fortified strnlen() on an exhausted buffer.
Found by kernel fuzz testing through Xiaomi Smartphone.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46088.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/1fbe46d2b72754d8bd580e13e59ccb5d3d0e8cb0
- https://git.kernel.org/stable/c/654c818a69c21d2bea4e8fd9eae7da865df9a5c8
- https://git.kernel.org/stable/c/708f6ec9bcdf58bfd561409110baaf4fd3be4ea3
- https://git.kernel.org/stable/c/82012fd3e78a14360fbc2f1a7491589896704f97
- https://git.kernel.org/stable/c/8ba0214c3dd32b8ec652947e3f2bc5b8f6e6be9e
- https://git.kernel.org/stable/c/a470f7cabc4df72d9bd132f5719a8717292bb440
- https://git.kernel.org/stable/c/bfcbb4994da9e979c4bcfcf24aaaac69e457e48e
- https://git.kernel.org/stable/c/e0da8a8cac74f4b9f577979d131f0d2b88a84487
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46088.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-46088
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4Fixed708f6ec9bcdf58bfd561409110baaf4fd3be4ea3Fixedbfcbb4994da9e979c4bcfcf24aaaac69e457e48eFixeda470f7cabc4df72d9bd132f5719a8717292bb440Fixed1fbe46d2b72754d8bd580e13e59ccb5d3d0e8cb0Fixed8ba0214c3dd32b8ec652947e3f2bc5b8f6e6be9eFixed654c818a69c21d2bea4e8fd9eae7da865df9a5c8Fixed82012fd3e78a14360fbc2f1a7491589896704f97Fixede0da8a8cac74f4b9f577979d131f0d2b88a84487
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.2.0Fixed5.10.258
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.209
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.175
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.140
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.86
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.27
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed7.0.4