CVE-2026-46088

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
01/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()<br /> <br /> snd_ctl_elem_init_enum_names() advances pointer p through the names<br /> buffer while decrementing buf_len. If buf_len reaches zero but items<br /> remain, the next iteration calls strnlen(p, 0).<br /> <br /> While strnlen(p, 0) returns 0 and would hit the existing name_len == 0<br /> error path, CONFIG_FORTIFY_SOURCE&amp;#39;s fortified strnlen() first checks<br /> maxlen against __builtin_dynamic_object_size(). When Clang loses track<br /> of p&amp;#39;s object size inside the loop, this triggers a BRK exception panic<br /> before the return value is examined.<br /> <br /> Add a buf_len == 0 guard at the loop entry to prevent calling fortified<br /> strnlen() on an exhausted buffer.<br /> <br /> Found by kernel fuzz testing through Xiaomi Smartphone.

Impact