Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-27T00:00:00 kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-364

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 ("ALSA: aloop: Fix racy access at PCM trigger") moved the peer lookup under cable->lock, but the actual snd_pcm_stop() still runs after dropping that lock. A concurrent close can clear the capture entry from cable->streams[] and detach or free its runtime while the playback trigger path still holds a stale peer substream pointer. Keep a per-cable count of in-flight peer stops before dropping cable->lock, and make free_cable() wait for those stops before detaching the runtime. This preserves the existing behavior while making the peer runtime lifetime explicit.

A flaw was found in the Linux kernel's ALSA (Advanced Linux Sound Architecture) aloop driver. This Use-After-Free (UAF) vulnerability occurs when loopback_check_format() stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could potentially exploit this to cause a system crash or achieve arbitrary code execution.

Red Hat Enterprise Linux 8 2026-06-19T00:00:00Z RHSA-2026:27354 kernel-rt-0:4.18.0-553.136.1.rt7.477.el8_10 Red Hat Enterprise Linux 8 2026-06-19T00:00:00Z RHSA-2026:27353 kernel-0:4.18.0-553.136.1.el8_10 Red Hat Enterprise Linux 10 Affected kernel Red Hat Enterprise Linux 6 Under investigation kernel Red Hat Enterprise Linux 7 Affected kernel Red Hat Enterprise Linux 7 Affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-46090 https://nvd.nist.gov/vuln/detail/CVE-2026-46090 https://lore.kernel.org/linux-cve-announce/2026052702-CVE-2026-46090-1211@gregkh/T