CVE-2026-46090

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

ALSA: aloop: Fix peer runtime UAF during format-change stop

loopback_check_format() may stop the capture side when playback starts
with parameters that no longer match a running capture stream. Commit
826af7fa62e3 ('ALSA: aloop: Fix racy access at PCM trigger') moved
the peer lookup under cable->lock, but the actual snd_pcm_stop() still
runs after dropping that lock.

A concurrent close can clear the capture entry from cable->streams[] and
detach or free its runtime while the playback trigger path still holds a
stale peer substream pointer.

Keep a per-cable count of in-flight peer stops before dropping
cable->lock, and make free_cable() wait for those stops before
detaching the runtime. This preserves the existing behavior while
making the peer runtime lifetime explicit.

https://git.kernel.org/stable/c/03f52a9c170431e8f10e156b9dc…

https://git.kernel.org/stable/c/03f52a9c170431e8f10e156b9dc0dae80b3e9198

https://git.kernel.org/stable/c/5d45e34bf001344e2966dabca18…

https://git.kernel.org/stable/c/5d45e34bf001344e2966dabca1897561bbc9e913

https://git.kernel.org/stable/c/bdd9503c3d222d2735b56c7a8b4…

https://git.kernel.org/stable/c/bdd9503c3d222d2735b56c7a8b4422ccf3de6e5c

https://git.kernel.org/stable/c/e5c33cdc6f402eab8abd36ecf43…

https://git.kernel.org/stable/c/e5c33cdc6f402eab8abd36ecf436b22c9d3a8aff

CVE-2026-46090

Description

Iscriviti alla newsletter