Use-After-Free Vulnerability in Linux Kernel Sound Card Management
CVE-2026-43459

7.3 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 8 May 2026

What is CVE-2026-43459?

A use-after-free vulnerability has been identified in the sound card management of the Linux kernel. The issue arises when a sound card is unbound while a PCM stream remains open, potentially leading to memory corruption. Specifically, improper handling in the snd_soc_dapm_stream_event() function allows new delayed work to be scheduled even while the sound card's resources are being cleaned up. If not addressed, this may result in memory being accessed incorrectly, posing security risks to users and affecting system stability.

Affected Version(s)

Linux e894efef9ac7c10b7727798dcc711cccf07569f9

Linux e894efef9ac7c10b7727798dcc711cccf07569f9 < 3887e514978d28216246360b46a9cb534969eb5a

Linux e894efef9ac7c10b7727798dcc711cccf07569f9 < 231568afbc0cd25b8fb2a94ebf9738eabe1cf007

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
