Use-After-Free Vulnerability in Linux Kernel USB Audio Mixer Component
CVE-2026-23089

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 4 February 2026

What is CVE-2026-23089?

A vulnerability in the Linux kernel's USB audio mixer component has been identified, where the snd_usb_mixer_free() function can improperly reference freed memory. Specifically, if snd_usb_create_mixer() fails, the mixer controls retain a reference to memory that has been released. When the snd_card_register() function is called, it triggers callbacks from the OSS mixer layer, which may access the deallocated memory and lead to undefined behavior or system crashes. The fix ensures that snd_ctl_remove() is called for all mixer controls before the id_elems are released, so that no control is left referencing freed memory.
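The ordering problem described above, as a simplified userspace model added here for illustration; it is not kernel code and not the upstream patch. The types and functions (card, mixer, ctl_remove, mixer_free) are hypothetical stand-ins, and nothing is dereferenced after free: the code only counts controls that would be left holding a stale pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#define N 3
struct elem { int id; };                      /* stand-in for a mixer element */
struct card { struct elem *ctl[N]; int nctls; };       /* controls on the card */
struct mixer { struct card *card; struct elem *id_elems[N]; int nelems; };

/* Create an element and register a control on the card that points at it. */
static void mixer_add(struct mixer *m, int id) {
    struct elem *e = malloc(sizeof(*e));
    if (!e) abort();
    e->id = id;
    m->id_elems[m->nelems++] = e;
    m->card->ctl[m->card->nctls++] = e;
}

/* Model of control removal: unlink the control that references e. */
static void ctl_remove(struct card *c, struct elem *e) {
    for (int i = 0; i < c->nctls; i++)
        if (c->ctl[i] == e) {
            c->ctl[i] = c->ctl[--c->nctls];
            return;
        }
}

/* Error-path cleanup; remove_first selects the fixed ordering. */
static void mixer_free(struct mixer *m, int remove_first) {
    for (int i = 0; i < m->nelems; i++) {
        if (remove_first)
            ctl_remove(m->card, m->id_elems[i]);
        free(m->id_elems[i]);
    }
    m->nelems = 0;
}

/* Controls left on the card after cleanup; each would hold a freed pointer. */
int stale_controls_after_failed_create(int remove_first) {
    struct card c = {0};
    struct mixer m = { .card = &c };
    for (int id = 1; id <= N; id++) mixer_add(&m, id);
    mixer_free(&m, remove_first);
    return c.nctls;
}

int main(void) {
    printf("free only: %d stale; remove, then free: %d stale\n",
           stale_controls_after_failed_create(0), stale_controls_after_failed_create(1));
    return 0;
}
```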

Affected Version(s)

Linux 6639b6c2367f884ca172b78d69f7da17bfab2e5e < 51b1aa6fe7dc87356ba58df06afb9677c9b841ea

Linux 6639b6c2367f884ca172b78d69f7da17bfab2e5e < 56fb6efd5d04caf6f14994d51ec85393b9a896c6

Linux 6639b6c2367f884ca172b78d69f7da17bfab2e5e < 7009daeefa945973a530b2f605fe445fc03747af

Timeline

  • Vulnerability published

  • Vulnerability Reserved
