Skip to main content

Linux Kernel EUVDEUVD-2026-25513

| CVE-2026-31620 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-04-24 Linux GHSA-jg3h-4jh8-mfwr
4.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
4.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
Apr 28, 2026 - 14:22 vuln.today
CVSS changed
Apr 28, 2026 - 14:22 NVD
4.6 (MEDIUM)
Patch released
Apr 28, 2026 - 14:11 nvd
Patch available
Patch available
Apr 24, 2026 - 16:16 EUVD
EUVD ID Assigned
Apr 24, 2026 - 15:00 euvd
EUVD-2026-25513
Analysis Generated
Apr 24, 2026 - 15:00 vuln.today
CVE Published
Apr 24, 2026 - 14:42 nvd
MEDIUM 4.6

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0

A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configuration descriptors are not required to assign interface numbers sequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will then be dereferenced directly.

Fix this up by checking the return value properly.

AnalysisAI

Null pointer dereference in the ALSA TASCAM US-144MKII USB audio driver allows local attackers with physical access to a malicious USB device to cause a kernel panic and denial of service. The vulnerability exists because the driver fails to validate that USB interface 0 exists before dereferencing it, and attackers can craft a malicious USB configuration that includes only interface 1, triggering the crash when the device is connected.

Technical ContextAI

The vulnerability resides in the ALSA (Advanced Linux Sound Architecture) usx2y subsystem, specifically in the US-144MKII USB audio device driver. The root cause is a missing NULL pointer check after calling usb_ifnum_to_if(dev, 0), which retrieves the USB interface descriptor for a given interface number. The USB standard does not require interface numbers to be assigned sequentially; a device configuration may contain interface 1 without interface 0. The driver assumes interface 0 always exists and dereferences the returned pointer directly without validation, violating CWE-476 (NULL Pointer Dereference). This is a logical error in device initialization code that processes untrusted USB descriptors provided by the device firmware.

RemediationAI

Apply the upstream kernel patch from commit fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602 (or the equivalent backport commits 09b145c1f1331c40dc955c0024d636f25417cddb for 6.18.24 and d04dd67ab10dc978c6c843c6bd6a2a66a9444f51 for 6.19.14). Users should upgrade to Linux kernel versions 6.18.24, 6.19.14, 7.0.1, or newer. The fix adds a NULL pointer check before dereferencing the interface descriptor returned by usb_ifnum_to_if(). As a temporary workaround on systems where immediate kernel upgrade is not feasible, physically prevent connection of untrusted USB devices by disabling USB ports or using USB device policies (e.g., udev rules to block unknown USB audio devices), though this is not a robust mitigation for multi-user systems. The patch carries no functional risk and does not affect normal operation of valid TASCAM US-144MKII devices or other USB audio equipment.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-25513 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy