Skip to main content

Linux Kernel EUVDEUVD-2026-32806

| CVE-2026-46179 MEDIUM
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-7h37-jgm9-x3f2
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local attack requiring low-privilege access to the audio device; divide-by-zero impacts only kernel availability with no confidentiality or integrity consequence.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 11, 2026 - 05:11 vuln.today
CVSS changed
Jun 11, 2026 - 03:07 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Don't allow pointer operations on unconfigured streams

When reporting the pointer for a compressed stream we report the current I/O frame position by dividing the position by the number of channels multiplied by the number of container bytes. These values default to 0 and are only configured as part of setting the stream parameters so this allows a divide by zero to be configured. Validate that they are non zero, returning an error if not

AnalysisAI

Divide-by-zero in the Linux kernel ASoC SOF compressed audio subsystem allows a low-privileged local user to crash the kernel by querying stream pointer position before stream parameters are configured. Affected are Linux kernel stable branches 6.6 through 7.0 (pre-patch), all running on hardware with SOF audio drivers loaded. No active exploitation has been confirmed - EPSS sits at 0.02% (5th percentile) and the vulnerability is absent from CISA KEV - making this a medium-severity availability risk relevant primarily to multi-user desktop and embedded audio platforms.

Technical ContextAI

The ASoC (ALSA System on Chip) SOF (Sound Open Firmware) subsystem manages audio hardware on platforms using Intel's DSP-based audio architecture. When reporting the playback pointer position for a compressed audio stream, the kernel divides the I/O frame position by the product of the channel count and the container byte size. Both values are zero-initialized and are only populated when stream parameters are explicitly configured via the ALSA compressed audio API (snd_compr_ioctl). If a pointer query is issued before that parameter configuration step completes, the division-by-zero fault fires in kernel context. The CPE string cpe:2.3:o:linux:linux_kernel:* confirms this affects the upstream Linux kernel across multiple stable branches. Although CWE is listed as N/A, the root cause class is effectively CWE-369 (Divide By Zero) combined with CWE-20 (Improper Input Validation) - specifically a missing pre-condition guard on a kernel-mode arithmetic operation.

RemediationAI

The primary fix is upgrading to a patched kernel release: Linux 6.6.140, 6.12.88, 6.18.30, 7.0.7, or 7.1-rc1. Upstream fix commits are available at https://git.kernel.org/stable/c/0f0c0c1397a42aacaacae828206ee1b921623952, https://git.kernel.org/stable/c/327a64241f30c74b6f35537eb9e1fc6c3cbe060b, https://git.kernel.org/stable/c/4f42dd01f5217465f23a763e27b3984e114d0972, https://git.kernel.org/stable/c/98ed1383f597f8a45b6cb816bb20b96d46eeceda, https://git.kernel.org/stable/c/c5b6285aae050ff1c3ea824ca3d88ac4be1e67c8, and https://git.kernel.org/stable/c/76ff6bfc9a809571793f425ba99f6a759108dcf8. If immediate patching is not feasible, restrict access to compressed audio stream character devices (/dev/snd/comprC*D*) to trusted users only via udev rules or file permissions - this prevents untrusted local users from opening the interface and limits the attack surface with minimal operational impact. Alternatively, unloading the snd-sof kernel module (modprobe -r snd-sof) on systems that do not require SOF audio functionality eliminates the vulnerable code path entirely, at the cost of disabling audio on Intel SOF-based hardware.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

EUVD-2026-32806 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy