CVE-2026-23076
Published: 04 February 2026
Summary
CVE-2026-23076 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OOB read in kernel ALSA driver enables local info disclosure (T1212) and DoS via crash (T1499.004); commonly facilitates priv esc (T1068) via leaks.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix potential OOB access in audio mixer handling In the audio mixer handling code of ctxfi driver, the conf field is used as a kind of loop index,…
more
and it's referred in the index callbacks (amixer_index() and sum_index()). As spotted recently by fuzzers, the current code causes OOB access at those functions. | UBSAN: array-index-out-of-bounds in /build/reproducible-path/linux-6.17.8/sound/pci/ctxfi/ctamixer.c:347:48 | index 8 is out of range for type 'unsigned char [8]' After the analysis, the cause was found to be the lack of the proper (re-)initialization of conj field. This patch addresses those OOB accesses by adding the proper initializations of the loop indices.
Deeper analysisAI
CVE-2026-23076 is a vulnerability in the Linux kernel's ALSA subsystem, specifically within the ctxfi driver's audio mixer handling code in sound/pci/ctxfi/ctamixer.c. The issue involves potential out-of-bounds (OOB) array access when the conf field is used as a loop index and referenced in the amixer_index() and sum_index() callbacks. Fuzzing identified this as an array-index-out-of-bounds error, where an index of 8 exceeds the bounds of an unsigned char array of size 8, stemming from a lack of proper reinitialization of the conf field. The vulnerability is classified under CWE-125 (Out-of-bounds Read) with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Successful exploitation allows high-impact confidentiality violations, such as information disclosure through OOB reads, and high-impact availability disruptions, potentially leading to denial of service via kernel crashes or instability, while integrity impacts are none.
Mitigation requires applying the relevant Linux kernel stable patches, available in the following commits: 61006c540cbdedea83b05577dc7fb7fa18fe1276, 6524205326e0c1a21263b5c14e48e14ef7e449ae, 873e2360d247eeee642878fcc3398babff7e387c, 8c1d09806e1441bc6a54b9a4f2818918046d5174, and a8c42d11b0526a89192bd2f79facb4c60c8a1f38. These patches address the root cause by adding proper initializations for the loop indices in the affected functions.
Details
- CWE(s)