VDB

CVE-2026-31620

CVE-2026-31620 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configuration descriptors are not required to assign interface numbers sequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will then be dereferenced directly. Fix this up by checking the return value properly.

EPSS 0.03% · 8.8th percentile

Risk Scores

EPSS Score
0.03%
8.8th percentile

Affected Products

VendorProductVersions
LinuxLinux7.0.1, 6.18.24, 6.19.14
linuxlinux_kernel0, 0, 0

Timeline

  • Apr 24, 2026 CVE Published
  • Apr 24, 2026 Security Advisory
  • Apr 27, 2026 Security Advisory
  • Apr 28, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›