Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-28T00:00:00 kernel: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-820

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it may lead to more severe problem because it's a bit field; as writing the data, it may overwrite other bit fields as well, which confuses the operation completely, as spotted by fuzzing. Fix it by covering runtime.oss.trigger bit fled also with the existing params_lock mutex in both snd_pcm_oss_get_trigger() and snd_pcm_oss_poll().

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture (ALSA) Pulse Code Modulation (PCM) Open Sound System (OSS) subsystem. A data race vulnerability exists due to concurrent access to the `runtime.oss.trigger` field without proper protection. This unprotected access can lead to the overwriting of other bit fields, which may confuse the system's operation and potentially lead to integrity issues or denial of service.

Red Hat Enterprise Linux 10 Not affected kernel Red Hat Enterprise Linux 6 Out of support scope kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-46157 https://nvd.nist.gov/vuln/detail/CVE-2026-46157 https://lore.kernel.org/linux-cve-announce/2026052823-CVE-2026-46157-e578@gregkh/T