Back to overview

CVE-2026-53192

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at snd_timer_user_params() At releasing a timer object, e.g. when a userspace timer (CONFIG_SND_UTIMER) gets closed and snd_timer_free() is called, it tries to detach the timer instances and release the resources. However, it's still possible that other in-flight tasks are holding the timer instance where the to-be-deleted timer object is associated, and this may lead to racy accesses. Fortunately, most of ioctls dealing with the timer instance list already have the protection with register_mutex, and this also avoids such races. But, SNDRV_TIMER_IOCTL_PARAMS isn't protected, hence the concurrent ioctl may lead to use-after-free. This patch just adds the guard with register_mutex to protect snd_timer_user_params() for covering the code path as a quick workaround. It's no hot-path but rather a rarely issued ioctl, so the performance penalty doesn't matter.

Metadata

CVE ID
CVE-2026-53192
State
PUBLISHED
Assigner
Linux
Reserved
2026-06-09 07:44 UTC
Published
2026-06-25 08:39 UTC
Last updated
2026-06-25 08:39 UTC
Vendor / Product
Linux / Linux
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (2)
VendorProductPlatformVersions
Linux Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 92ad2d7f80cad43b046f093e808e11fe919d304a, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 117743d62e1225e208568a3ffc2c07214f1347cb, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b2214914e461d0466548a52dfe4f4ee8ce362276, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < e2331730175f74169046d2af8db1b47243df7c7a …
Linux Linux 5.10.259 ≤ 5.10.*, 5.15.210 ≤ 5.15.*, 6.1.176 ≤ 6.1.*, 6.6.143 ≤ 6.6.* …
References (8)
Back to overview