CVE-2026-31620

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0<br /> <br /> A malicious USB device with the TASCAM US-144MKII device id can have a<br /> configuration containing bInterfaceNumber=1 but no interface 0. USB<br /> configuration descriptors are not required to assign interface numbers<br /> sequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will<br /> then be dereferenced directly.<br /> <br /> Fix this up by checking the return value properly.