{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31620", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.123Z", "datePublished": "2026-04-24T14:42:38.607Z", "dateUpdated": "2026-05-11T22:12:19.891Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:12:19.891Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usx2y: us144mkii: fix NULL deref on missing interface 0\n\nA malicious USB device with the TASCAM US-144MKII device id can have a\nconfiguration containing bInterfaceNumber=1 but no interface 0. USB\nconfiguration descriptors are not required to assign interface numbers\nsequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will\nthen be dereferenced directly.\n\nFix this up by checking the return value properly."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/usb/usx2y/us144mkii.c"], "versions": [{"version": "dee1bcf28a3dd13ddb2e9200407864f73e9c4d63", "lessThan": "09b145c1f1331c40dc955c0024d636f25417cddb", "status": "affected", "versionType": "git"}, {"version": "dee1bcf28a3dd13ddb2e9200407864f73e9c4d63", "lessThan": "fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602", "status": "affected", "versionType": "git"}, {"version": "dee1bcf28a3dd13ddb2e9200407864f73e9c4d63", "lessThan": "d04dd67ab10dc978c6c843c6bd6a2a66a9444f51", "status": "affected", "versionType": "git"}, {"version": "dee1bcf28a3dd13ddb2e9200407864f73e9c4d63", "lessThan": "48bd344e1040b9f2eb512be73c13f5db83efc191", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/usb/usx2y/us144mkii.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.24", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.14", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.1", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/09b145c1f1331c40dc955c0024d636f25417cddb"}, {"url": "https://git.kernel.org/stable/c/fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602"}, {"url": "https://git.kernel.org/stable/c/d04dd67ab10dc978c6c843c6bd6a2a66a9444f51"}, {"url": "https://git.kernel.org/stable/c/48bd344e1040b9f2eb512be73c13f5db83efc191"}], "title": "ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C4EAA6A-7949-4B29-BD69-5BB05C4D1A6B", "versionEndExcluding": "6.18.24", "versionStartIncluding": "6.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6A8A074-BBF4-4803-ABED-519A839435BB", "versionEndExcluding": "6.19.14", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B5888AB-7403-4335-89E4-21CC0B48366A", "versionEndExcluding": "7.0.1", "versionStartIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usx2y: us144mkii: fix NULL deref on missing interface 0\n\nA malicious USB device with the TASCAM US-144MKII device id can have a\nconfiguration containing bInterfaceNumber=1 but no interface 0. USB\nconfiguration descriptors are not required to assign interface numbers\nsequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will\nthen be dereferenced directly.\n\nFix this up by checking the return value properly."}], "id": "CVE-2026-31620", "lastModified": "2026-04-28T14:11:42.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T15:16:41.280", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/09b145c1f1331c40dc955c0024d636f25417cddb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/48bd344e1040b9f2eb512be73c13f5db83efc191"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d04dd67ab10dc978c6c843c6bd6a2a66a9444f51"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0", "id": "2461469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461469"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A flaw was found in the Linux kernel, specifically within the ALSA usx2y driver for the TASCAM US-144MKII audio interface. A malicious USB device, crafted to have an invalid configuration with a missing interface, can cause the driver to attempt to access a non-existent memory location (a NULL dereference). This can lead to a system crash, resulting in a Denial of Service (DoS)."], "name": "CVE-2026-31620", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31620\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31620\nhttps://lore.kernel.org/linux-cve-announce/2026042425-CVE-2026-31620-8a5a@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[dee1bcf28a3dd13ddb2e9200407864f73e9c4d63,09b145c1f1331c40dc955c0024d636f25417cddb)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[dee1bcf28a3dd13ddb2e9200407864f73e9c4d63,fbaf29ce00e7bce683f3faf4f2b326bd0a9e6602)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[dee1bcf28a3dd13ddb2e9200407864f73e9c4d63,d04dd67ab10dc978c6c843c6bd6a2a66a9444f51)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[dee1bcf28a3dd13ddb2e9200407864f73e9c4d63,48bd344e1040b9f2eb512be73c13f5db83efc191)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.24,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.14,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.1,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.1-rc1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T23:38:23.428098+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the ALSA NULL deref fix (commit 09b145c1f1331c40dc955c0024d636f25417cddb or later).", "If a kernel update is not immediately possible, block the problematic TASCAM device by adding a udev rule that rejects USB devices with the idVendor and idProduct corresponding to the TASCAM US-144MKII, or temporarily disable the ALSA USB driver for that device. ", "After applying the kernel update or patch, reboot the system to load the new kernel and ensure the issue is resolved."], "summary": {"action": "Patch", "impact": "Kernel crash leading to denial of service"}, "threat_synthesis": {"affected_systems": "All Linux kernels that include the ALSA USB driver prior to the patch commit are affected. The vendor is the Linux kernel (generic). No specific kernel version ranges are listed, so any kernel before the fix can be considered vulnerable.", "description_and_impact": "The vulnerability resides in the Linux kernel\u2019s ALSA USB subsystem for the TASCAM US-144MKII device. When a device presents a configuration that declares interface\u202f1 but omits interface\u202f0, the kernel call usb_ifnum_to_if(dev,\u202f0) returns NULL. This NULL pointer is dereferenced without a preceding validity check, causing a kernel panic. The resulting crash leads to a denial of service; no other impact such as privilege escalation is documented.", "risk_and_exploitability": "The CVSS score of 4.6 indicates medium severity. The EPSS score of <1% shows exploitation probability is very low. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker must physically connect a malicious USB device to the target system to trigger the crash. The impact is a kernel panic resulting in a system reboot and loss of service; no privilege escalation is described."}}}}, "created": "2026-04-27T18:45:11.329654+00:00", "updated": "2026-04-28T23:45:16.056274+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}