CVE-2026-43279

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 06/05/2026
Last modified: 06/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Add sanity check for OOB writes at silencing

At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But when the setup in the capture stream differs from the playback stream (e.g. due to the USB core limitation of max packet size), such an inconsistency may lead to OOB writes to the buffer, resulting in a crash.

For addressing it, add a sanity check of the transfer buffer size at prepare_silent_urb(), and stop the data copy if the received data overflows. Also, report back the transfer error properly from there, too.

Note that this doesn't fix the root cause of the playback error itself, but this merely covers the kernel Oops.
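The kind of bounds check the description refers to, as an added user-space example. It is not the kernel patch: `fill_silence`, `run_case`, `pkt_desc`, the 64-byte buffer and the frame counts are all constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* User-space model only; all names here are hypothetical, not the kernel's. */
struct pkt_desc { size_t offset, length; };

/* Lay out npkts silent packets in buf. frames[i] is the frame count taken
 * from the capture side. Returns npkts, or -EOVERFLOW as soon as a packet
 * would not fit in buf_size; nothing is written past the buffer. */
int fill_silence(unsigned char *buf, size_t buf_size,
                 const unsigned int *frames, int npkts, size_t stride,
                 unsigned char silence, struct pkt_desc *desc)
{
    size_t offs = 0;

    if (stride == 0)
        return -EINVAL;
    for (int i = 0; i < npkts; i++) {
        /* Check before multiplying so frames[i] * stride cannot wrap. */
        if (frames[i] > (buf_size - offs) / stride)
            return -EOVERFLOW;   /* stop copying, report the error */
        size_t len = (size_t)frames[i] * stride;
        memset(buf + offs, silence, len);
        desc[i].offset = offs;
        desc[i].length = len;
        offs += len;
    }
    return npkts;
}

/* Constructed case: a 64-byte transfer buffer followed by a canary byte,
 * two packets, 4-byte frames. Returns fill_silence()'s result, or 1 if
 * the canary was overwritten. */
int run_case(unsigned int second_pkt_frames)
{
    unsigned char mem[65];
    unsigned int frames[2] = { 8, second_pkt_frames };
    struct pkt_desc desc[2];
    int ret;

    memset(mem, 0xAA, sizeof(mem));
    ret = fill_silence(mem, 64, frames, 2, 4, 0x00, desc);
    return mem[64] == 0xAA ? ret : 1;
}
```

Without the per-packet check, the second packet in the oversized case would write 36 bytes into the 32 bytes that remain in the buffer.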

Impact