cve 2026-46018

CVE-2026-46018 is a Linux kernel vulnerability disclosed by kernel.org and published by NVD on May 27, 2026. It affects the ALSA USB-audio driver's handling of malformed USB Audio Class 2 sample-rate range responses. The flaw is local and device-adjacent: a hostile or broken USB audio device can cause excessive kernel work, repeated errors, and prolonged mutex holding during probe. While not an emergency-level threat, it represents a recurring driver-edge bug in modern kernels. This tag covers discussions about the CVE-2026-46018 fix, its impact on ALSA USB Audio UAC2 range parsing, and broader implications for Linux kernel security.