Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-24T00:00:00 kernel: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-476

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configuration descriptors are not required to assign interface numbers sequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will then be dereferenced directly. Fix this up by checking the return value properly.

A flaw was found in the Linux kernel, specifically within the ALSA usx2y driver for the TASCAM US-144MKII audio interface. A malicious USB device, crafted to have an invalid configuration with a missing interface, can cause the driver to attempt to access a non-existent memory location (a NULL dereference). This can lead to a system crash, resulting in a Denial of Service (DoS).

Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-31620 https://nvd.nist.gov/vuln/detail/CVE-2026-31620 https://lore.kernel.org/linux-cve-announce/2026042425-CVE-2026-31620-8a5a@gregkh/T