Updated: 2026-01-08 01:42:17.954056
Description:
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.1 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | In Testing | 2026-01-05 20:07:33 | ||
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Ignored | 2025-12-27 04:43:43 | CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo... | |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Released | CLSA-2026:1767867153 | 2026-01-08 16:44:27 | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.1 | HIGH | Needs Triage | 2025-12-23 07:07:49 | ||
| RHEL 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Released | CLSA-2026:1767867718 | 2026-01-08 16:44:26 | |
| Ubuntu 20.04 ELS | linux | 5.4.0 | 7.1 | HIGH | Needs Triage | 2025-12-23 07:31:18 |