CVE-2026-46090
Published: May 27, 2026
Modified: May 30, 2026
CVSS v3.1: 7.8
Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: aloop: Fix peer runtime UAF during format-change stop

loopback_check_format() may stop the capture side when playback starts with parameters that no longer match a running capture stream.

Commit 826af7fa62e3 ("ALSA: aloop: Fix racy access at PCM trigger") moved the peer lookup under cable->lock, but the actual snd_pcm_stop() still runs after dropping that lock. A concurrent close can clear the capture entry from cable->streams[] and detach or free its runtime while the playback trigger path still holds a stale peer substream pointer.

Keep a per-cable count of in-flight peer stops before dropping cable->lock, and make free_cable() wait for those stops before detaching the runtime. This preserves the existing behavior while making the peer runtime lifetime explicit.
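The lifetime rule the description states (the count is taken under cable->lock before the lock is dropped, and the close path waits for it to reach zero before freeing), as an added user-space model that is not the kernel patch. It assumes pthread primitives in place of the kernel's locking and waiting, and `struct cable`, `stop_peer`, `close_peer` and `race_once` are hypothetical names.

```c
#include <pthread.h>
#include <stdlib.h>
struct runtime { int stopped; };    /* model types; all names are hypothetical */
struct cable {
    pthread_mutex_t lock;           /* models cable->lock */
    pthread_cond_t idle;            /* signalled when the count reaches 0 */
    int stops_in_flight;            /* peer stops running outside the lock */
    struct runtime *peer;           /* models the capture runtime */
};
/* Trigger path: look up and pin the peer under the lock, stop it unlocked. */
int stop_peer(struct cable *c)
{
    pthread_mutex_lock(&c->lock);
    struct runtime *rt = c->peer;
    if (rt)
        c->stops_in_flight++;       /* taken before the lock is dropped */
    pthread_mutex_unlock(&c->lock);
    if (!rt)
        return 0;
    rt->stopped = 1;                /* stands in for snd_pcm_stop() */
    pthread_mutex_lock(&c->lock);
    if (--c->stops_in_flight == 0)
        pthread_cond_broadcast(&c->idle);
    pthread_mutex_unlock(&c->lock);
    return 1;
}
/* Close path: unpublish the peer, wait out in-flight stops, then free. */
void close_peer(struct cable *c)
{
    pthread_mutex_lock(&c->lock);
    struct runtime *rt = c->peer;
    c->peer = NULL;                 /* no new stop can find it */
    while (c->stops_in_flight > 0)
        pthread_cond_wait(&c->idle, &c->lock);
    pthread_mutex_unlock(&c->lock);
    free(rt);                       /* safe: no stop still holds rt */
}
static void *stopper(void *arg) { stop_peer(arg); return NULL; }
/* Race one stop against one close; returns 0 when the cable ends up clean. */
int race_once(void)
{
    struct cable c = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, 0, NULL };
    pthread_t t;
    c.peer = calloc(1, sizeof(*c.peer));
    int started = pthread_create(&t, NULL, stopper, &c) == 0;
    close_peer(&c);
    if (started)
        pthread_join(t, NULL);
    return c.stops_in_flight + (c.peer != NULL);
}
```

Removing the wait loop from `close_peer` reproduces the lifetime gap the description names: the stop path would write through `rt` after it has been freed, which AddressSanitizer or ThreadSanitizer can flag in this model.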
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 597603d615d2b19a9e451d8cfac24372856a522d - < 03f52a9c170431e8f10e156b9dc0dae80b3e9198; affected 597603d615d2b19a9e451d8cfac24372856a522d - < bdd9503c3d222d2735b56c7a8b4422ccf3de6e5c; affected 597603d615d2b19a9e451d8cfac24372856a522d - < 5d45e34bf001344e2966dabca1897561bbc9e913; affected 597603d615d2b19a9e451d8cfac24372856a522d - < e5c33cdc6f402eab8abd36ecf436b22c9d3a8aff |
| Linux | Linux | affected 2.6.37; unaffected 0 - < 2.6.37; unaffected 6.12.88 - <= 6.12.*; unaffected 6.18.27 - <= 6.18.*; unaffected 7.0.4 - <= 7.0.*; +1 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High