CVE-2026-23078

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: scarlett2: Fix buffer overflow in config retrieval<br /> <br /> The scarlett2_usb_get_config() function has a logic error in the<br /> endianness conversion code that can cause buffer overflows when<br /> count &gt; 1.<br /> <br /> The code checks `if (size == 2)` where `size` is the total buffer size in<br /> bytes, then loops `count` times treating each element as u16 (2 bytes).<br /> This causes the loop to access `count * 2` bytes when the buffer only<br /> has `size` bytes allocated.<br /> <br /> Fix by checking the element size (config_item-&gt;size) instead of the<br /> total buffer size. This ensures the endianness conversion matches the<br /> actual element type.