7.8

CVE-2026-53242

ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams

In the Linux kernel, the following vulnerability has been resolved:

ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams

snd_pcm_drain() uses init_waitqueue_entry which does not clear
entry.prev/next, and add_wait_queue with a conditional
remove_wait_queue that is skipped when to_check is no longer
in the group after concurrent UNLINK.  The orphaned wait entry
remains on the unlinked substream sleep queue.  On the next
drain iteration, add_wait_queue adds the entry to a new queue
while still linked on the old one, corrupting both lists.  A
subsequent wake_up dereferences NULL at the func pointer
(mapped from the spinlock at offset 0 of the misinterpreted
wait_queue_head_t), causing a kernel panic.

Replace init_waitqueue_entry/add_wait_queue/conditional
remove_wait_queue with init_wait_entry/prepare_to_wait/
finish_wait.  init_wait_entry clears prev/next via
INIT_LIST_HEAD on each iteration and sets
autoremove_wake_function which auto-removes the entry on
wake-up.  finish_wait safely handles both the already-removed
and still-queued cases.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10.253 < 5.10.259
LinuxLinux Kernel Version >= 6.1.167 < 6.1.176
LinuxLinux Kernel Version >= 6.6.130 < 6.6.143
LinuxLinux Kernel Version >= 6.12.78 < 6.12.94
LinuxLinux Kernel Version >= 6.18.19 < 6.18.36
LinuxLinux Kernel Version >= 6.19.9 < 7.0
LinuxLinux Kernel Version >= 7.0.1 < 7.0.13
LinuxLinux Kernel Version7.0 Update-
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc7
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
LinuxLinux Kernel Version7.1 Updaterc3
LinuxLinux Kernel Version7.1 Updaterc4
LinuxLinux Kernel Version7.1 Updaterc5
LinuxLinux Kernel Version7.1 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.036
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/cac5bf3500ee6422cf64e0df0b5daeecfed42917
Patch
https://git.kernel.org/stable/c/d842f26a167e77a36f3ed333b9fa99d36ef99fe6
Patch
https://git.kernel.org/stable/c/d68b621bb5a48051932f1017a6e1bc9b18f854d0
Patch
https://git.kernel.org/stable/c/b053fcd8912f06c30f932f5b8ec41c72de474695
Patch
https://git.kernel.org/stable/c/cd98837db15f323463b8df07282ac723bd5c3fed
Patch
https://git.kernel.org/stable/c/7c71a9522555ff137a9ca36b15d759ca04d84788
Patch
https://git.kernel.org/stable/c/88fe2e3658726cb21ff2dcf9770bf672f9b9d31b
Patch