Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Linux Kernel ALSA Audio Driver: Excessive Audio Data Sent
UBUNTU-CVE-2026-23208
Summary
A bug in the Linux kernel's ALSA audio driver could cause the system to send too much audio data at once. This could lead to the system crashing or behaving unexpectedly. The issue has been fixed, and users should update their Linux kernel to the latest version to prevent this problem.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| canonical | linux | All versions | – |
| canonical | linux-aws | All versions | – |
| canonical | linux-azure | All versions | – |
| canonical | linux-lts-xenial | All versions | – |
| canonical | linux | All versions | – |
| canonical | linux-aws | All versions | – |
| canonical | linux-aws-hwe | All versions | – |
| canonical | linux-azure | All versions | – |
| canonical | linux-gcp | All versions | – |
| canonical | linux-hwe | All versions | – |
| canonical | linux-hwe-edge | All versions | – |
| canonical | linux-kvm | All versions | – |
| canonical | linux-oracle | All versions | – |
| canonical | linux-fips | All versions | – |
| canonical | linux-fips | All versions | – |
| canonical | linux | All versions | – |
| canonical | linux-aws | All versions | – |
| canonical | linux-aws-5.0 | All versions | – |
| canonical | linux-aws-5.3 | All versions | – |
| canonical | linux-aws-5.4 | All versions | – |
| canonical | linux-azure | All versions | – |
| canonical | linux-azure-4.15 | All versions | – |
| canonical | linux-azure-5.3 | All versions | – |
| canonical | linux-azure-5.4 | All versions | – |
| canonical | linux-azure-edge | All versions | – |
| canonical | linux-gcp | All versions | – |
| canonical | linux-gcp-4.15 | All versions | – |
| canonical | linux-gcp-5.3 | All versions | – |
| canonical | linux-gcp-5.4 | All versions | – |
| canonical | linux-gke-4.15 | All versions | – |
| canonical | linux-gke-5.4 | All versions | – |
| canonical | linux-gkeop-5.4 | All versions | – |
| canonical | linux-hwe | All versions | – |
| canonical | linux-hwe-5.4 | All versions | – |
| canonical | linux-hwe-edge | All versions | – |
| canonical | linux-ibm-5.4 | All versions | – |
| canonical | linux-kvm | All versions | – |
| canonical | linux-oem | All versions | – |
| canonical | linux-oracle | All versions | – |
| canonical | linux-oracle-5.0 | All versions | – |
| canonical | linux-oracle-5.3 | All versions | – |
| canonical | linux-oracle-5.4 | All versions | – |
| canonical | linux-raspi-5.4 | All versions | – |
| canonical | linux-aws-fips | All versions | – |
| canonical | linux-azure-fips | All versions | – |
| canonical | linux-fips | All versions | – |
| canonical | linux-gcp-fips | All versions | – |
| canonical | linux-aws-fips | All versions | – |
| canonical | linux-azure-fips | All versions | – |
| canonical | linux-fips | All versions | – |
| canonical | linux-gcp-fips | All versions | – |
| canonical | linux | All versions | – |
| canonical | linux-aws | All versions | – |
| canonical | linux-aws-5.11 | All versions | – |
| canonical | linux-aws-5.13 | All versions | – |
| canonical | linux-aws-5.15 | All versions | – |
| canonical | linux-aws-5.8 | All versions | – |
| canonical | linux-azure | All versions | – |
| canonical | linux-azure-5.11 | All versions | – |
| canonical | linux-azure-5.13 | All versions | – |
| canonical | linux-azure-5.15 | All versions | – |
| canonical | linux-azure-5.8 | All versions | – |
| canonical | linux-azure-fde | All versions | – |
| canonical | linux-azure-fde-5.15 | All versions | – |
| canonical | linux-bluefield | All versions | – |
| canonical | linux-gcp | All versions | – |
| canonical | linux-gcp-5.11 | All versions | – |
| canonical | linux-gcp-5.13 | All versions | – |
| canonical | linux-gcp-5.15 | All versions | – |
| canonical | linux-gcp-5.8 | All versions | – |
| canonical | linux-gke | All versions | – |
| canonical | linux-gke-5.15 | All versions | – |
| canonical | linux-gkeop | All versions | – |
| canonical | linux-gkeop-5.15 | All versions | – |
| canonical | linux-hwe-5.11 | All versions | – |
| canonical | linux-hwe-5.13 | All versions | – |
| canonical | linux-hwe-5.15 | All versions | – |
| canonical | linux-hwe-5.8 | All versions | – |
| canonical | linux-ibm | All versions | – |
| canonical | linux-ibm-5.15 | All versions | – |
| canonical | linux-intel-5.13 | All versions | – |
| canonical | linux-intel-iotg-5.15 | All versions | – |
| canonical | linux-iot | All versions | – |
| canonical | linux-kvm | All versions | – |
| canonical | linux-lowlatency-hwe-5.15 | All versions | – |
| canonical | linux-nvidia-tegra-5.15 | All versions | – |
| canonical | linux-oem-5.10 | All versions | – |
| canonical | linux-oem-5.13 | All versions | – |
| canonical | linux-oem-5.14 | All versions | – |
| canonical | linux-oem-5.6 | All versions | – |
| canonical | linux-oracle | All versions | – |
| canonical | linux-oracle-5.11 | All versions | – |
| canonical | linux-oracle-5.13 | All versions | – |
| canonical | linux-oracle-5.15 | All versions | – |
| canonical | linux-oracle-5.8 | All versions | – |
| canonical | linux-raspi | All versions | – |
| canonical | linux-raspi2 | All versions | – |
| canonical | linux-riscv | All versions | – |
| canonical | linux-riscv-5.11 | All versions | – |
| canonical | linux-riscv-5.15 | All versions | – |
| canonical | linux-riscv-5.8 | All versions | – |
| canonical | linux-xilinx-zynqmp | All versions | – |
| canonical | linux-aws-fips | All versions | – |
| canonical | linux-azure-fips | All versions | – |
| canonical | linux-fips | All versions | – |
| canonical | linux-gcp-fips | All versions | – |
| canonical | linux-aws-fips | All versions | – |
| canonical | linux-azure-fips | All versions | – |
| canonical | linux-fips | All versions | – |
| canonical | linux-gcp-fips | All versions | – |
| canonical | linux | All versions | – |
| canonical | linux-allwinner-5.19 | All versions | – |
| canonical | linux-aws | All versions | – |
| canonical | linux-aws-5.19 | All versions | – |
| canonical | linux-aws-6.2 | All versions | – |
| canonical | linux-aws-6.5 | All versions | – |
| canonical | linux-aws-6.8 | All versions | – |
| canonical | linux-azure | All versions | – |
| canonical | linux-azure-5.19 | All versions | – |
| canonical | linux-azure-6.2 | All versions | – |
| canonical | linux-azure-6.5 | All versions | – |
| canonical | linux-azure-6.8 | All versions | – |
| canonical | linux-azure-fde | All versions | – |
| canonical | linux-azure-fde-5.19 | All versions | – |
| canonical | linux-azure-fde-6.2 | All versions | – |
| canonical | linux-azure-fde-6.8 | All versions | – |
| canonical | linux-gcp | All versions | – |
| canonical | linux-gcp-5.19 | All versions | – |
| canonical | linux-gcp-6.2 | All versions | – |
| canonical | linux-gcp-6.5 | All versions | – |
| canonical | linux-gcp-6.8 | All versions | – |
| canonical | linux-gke | All versions | – |
| canonical | linux-gkeop | All versions | – |
| canonical | linux-hwe-5.19 | All versions | – |
| canonical | linux-hwe-6.2 | All versions | – |
| canonical | linux-hwe-6.5 | All versions | – |
| canonical | linux-hwe-6.8 | All versions | – |
| canonical | linux-ibm | All versions | – |
| canonical | linux-ibm-6.8 | All versions | – |
| canonical | linux-intel-iot-realtime | All versions | – |
| canonical | linux-intel-iotg | All versions | – |
| canonical | linux-kvm | All versions | – |
| canonical | linux-lowlatency | All versions | – |
| canonical | linux-lowlatency-hwe-5.19 | All versions | – |
| canonical | linux-lowlatency-hwe-6.2 | All versions | – |
| canonical | linux-lowlatency-hwe-6.5 | All versions | – |
| canonical | linux-lowlatency-hwe-6.8 | All versions | – |
| canonical | linux-nvidia | All versions | – |
| canonical | linux-nvidia-6.2 | All versions | – |
| canonical | linux-nvidia-6.5 | All versions | – |
| canonical | linux-nvidia-6.8 | All versions | – |
| canonical | linux-nvidia-tegra | All versions | – |
| canonical | linux-nvidia-tegra-igx | All versions | – |
| canonical | linux-oem-5.17 | All versions | – |
| canonical | linux-oem-6.0 | All versions | – |
| canonical | linux-oem-6.1 | All versions | – |
| canonical | linux-oem-6.5 | All versions | – |
| canonical | linux-oracle | All versions | – |
| canonical | linux-oracle-6.5 | All versions | – |
| canonical | linux-oracle-6.8 | All versions | – |
| canonical | linux-raspi | All versions | – |
| canonical | linux-realtime | All versions | – |
| canonical | linux-riscv | All versions | – |
| canonical | linux-riscv-5.19 | All versions | – |
| canonical | linux-riscv-6.5 | All versions | – |
| canonical | linux-riscv-6.8 | All versions | – |
| canonical | linux-starfive-5.19 | All versions | – |
| canonical | linux-starfive-6.2 | All versions | – |
| canonical | linux-starfive-6.5 | All versions | – |
| canonical | linux-xilinx-zynqmp | All versions | – |
| canonical | linux-bluefield | All versions | – |
| canonical | linux-aws-fips | All versions | – |
| canonical | linux-azure-fips | All versions | – |
| canonical | linux-fips | All versions | – |
| canonical | linux-gcp-fips | All versions | – |
| canonical | linux-aws-fips | All versions | – |
| canonical | linux-azure-fips | All versions | – |
| canonical | linux-fips | All versions | – |
| canonical | linux-gcp-fips | All versions | – |
| canonical | linux-intel-iot-realtime | All versions | – |
| canonical | linux-realtime | All versions | – |
| canonical | linux-realtime-6.8 | All versions | – |
| canonical | linux | All versions | – |
| canonical | linux-aws | All versions | – |
| canonical | linux-aws-6.14 | All versions | – |
| canonical | linux-aws-6.17 | All versions | – |
| canonical | linux-azure | All versions | – |
| canonical | linux-azure-6.11 | All versions | – |
| canonical | linux-azure-6.14 | All versions | – |
| canonical | linux-azure-6.17 | All versions | – |
| canonical | linux-azure-fde | All versions | – |
| canonical | linux-azure-fde-6.14 | All versions | – |
| canonical | linux-azure-fde-6.17 | All versions | – |
| canonical | linux-azure-nvidia | All versions | – |
| canonical | linux-azure-nvidia-6.14 | All versions | – |
| canonical | linux-gcp | All versions | – |
| canonical | linux-gcp-6.11 | All versions | – |
| canonical | linux-gcp-6.14 | All versions | – |
| canonical | linux-gcp-6.17 | All versions | – |
| canonical | linux-gke | All versions | – |
| canonical | linux-gkeop | All versions | – |
| canonical | linux-hwe-6.11 | All versions | – |
| canonical | linux-hwe-6.14 | All versions | – |
| canonical | linux-hwe-6.17 | All versions | – |
| canonical | linux-ibm | All versions | – |
| canonical | linux-lowlatency | All versions | – |
| canonical | linux-lowlatency-hwe-6.11 | All versions | – |
| canonical | linux-nvidia | All versions | – |
| canonical | linux-nvidia-6.11 | All versions | – |
| canonical | linux-nvidia-lowlatency | All versions | – |
| canonical | linux-nvidia-tegra | All versions | – |
| canonical | linux-oem-6.11 | All versions | – |
| canonical | linux-oem-6.14 | All versions | – |
| canonical | linux-oem-6.17 | All versions | – |
| canonical | linux-oem-6.8 | All versions | – |
| canonical | linux-oracle | All versions | – |
| canonical | linux-oracle-6.14 | All versions | – |
| canonical | linux-oracle-6.17 | All versions | – |
| canonical | linux-raspi | All versions | – |
| canonical | linux-raspi-realtime | All versions | – |
| canonical | linux-realtime | All versions | – |
| canonical | linux-riscv | All versions | – |
| canonical | linux-riscv-6.14 | All versions | – |
| canonical | linux-riscv-6.17 | All versions | – |
| canonical | linux-xilinx | All versions | – |
| canonical | linux-aws-fips | All versions | – |
| canonical | linux-azure-fips | All versions | – |
| canonical | linux-fips | All versions | – |
| canonical | linux-gcp-fips | All versions | – |
| canonical | linux-raspi-realtime | All versions | – |
| canonical | linux-realtime | All versions | – |
| canonical | linux-realtime-6.14 | All versions | – |
| canonical | linux | All versions | – |
| canonical | linux-aws | All versions | – |
| canonical | linux-azure | All versions | – |
| canonical | linux-azure-fde | All versions | – |
| canonical | linux-gcp | All versions | – |
| canonical | linux-oracle | All versions | – |
| canonical | linux-raspi | All versions | – |
| canonical | linux-realtime | All versions | – |
| canonical | linux-riscv | All versions | – |
Original title
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rat...
Original description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate 22050 / pps 1000, and packsize[0] 22 packsize[1] 23. The buffer size for each data URB is maxpacksize * packets, which in this example is 40 * 6 = 240; When the user performs a write operation to send audio data into the ALSA PCM playback stream, the calculated number of frames is packsize[0] * packets = 264, which exceeds the allocated URB buffer size, triggering the out-of-bounds (OOB) issue reported by syzbot [1]. Added a check for the number of single data URB frames when calculating the number of frames to prevent [1]. [1] BUG: KASAN: slab-out-of-bounds in copy_to_urb+0x261/0x460 sound/usb/pcm.c:1487 Write of size 264 at addr ffff88804337e800 by task syz.0.17/5506 Call Trace: copy_to_urb+0x261/0x460 sound/usb/pcm.c:1487 prepare_playback_urb+0x953/0x13d0 sound/usb/pcm.c:1611 prepare_outbound_urb+0x377/0xc50 sound/usb/endpoint.c:333
- https://ubuntu.com/security/CVE-2026-23208 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-23208 Third Party Advisory
- https://git.kernel.org/linus/ef5749ef8b307bf8717945701b1b79d036af0a15 Third Party Advisory
- https://git.kernel.org/stable/c/62932d9ed639a9fa71b4ac1a56766a4b43abb7e4 Third Party Advisory
- https://git.kernel.org/stable/c/ef5749ef8b307bf8717945701b1b79d036af0a15 Third Party Advisory
Published: 14 Feb 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026