Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Fix buffer overflow in config retrieval The scarlett2_usb_get_config() function has a logic error in the endianness conversion code that can cause buffer overflows when count > 1. The code checks `if (size == 2)` where `size` is the total buffer size in bytes, then loops `count` times treating each element as u16 (2 bytes). This causes the loop to access `count * 2` bytes when the buffer only has `size` bytes allocated. Fix by checking the element size (config_item->size) instead of the total buffer size. This ensures the endianness conversion matches the actual element type.

INFO

Published Date :

2026-02-04T16:08:03.283Z

Last Modified :

2026-02-09T08:38:17.910Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23078 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23078.

URL Resource
https://git.kernel.org/stable/c/27049f50be9f5ae3a62d272128ce0b381cb26a24 cve-icon cve-icon
https://git.kernel.org/stable/c/31a3eba5c265a763260976674a22851e83128f6d cve-icon cve-icon
https://git.kernel.org/stable/c/51049f6e3f05d70660e2458ad3bb302a3721b751 cve-icon cve-icon
https://git.kernel.org/stable/c/6f5c69f72e50d51be3a8c028ae7eda42c82902cb cve-icon cve-icon
https://git.kernel.org/stable/c/91a756d22f0482eac5bedb113c8922f90b254449 cve-icon cve-icon
https://git.kernel.org/stable/c/d5e80d1f97ae55bcea1426f551e4419245b41b9c cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026020420-CVE-2026-23078-61cc@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23078 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23078 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact