Use-After-Free Vulnerability in Linux Kernel ALSA Loopback Audio Driver
CVE-2026-46090

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-46090?

A Use-After-Free vulnerability exists in the ALSA loopback audio driver of the Linux kernel, specifically in the handling of playback and capture channels. The flaw arises during format changes when the playback begins with mismatched parameters to the ongoing capture stream. This scenario can lead to a stale pointer being dereferenced if concurrent actions occur, potentially causing system instability or crashes. To mitigate this, modifications have been implemented to ensure proper management of peer runtime lifecycles, ensuring that the system maintains stability during playback and capture stream transitions.

Affected Version(s)

Linux 597603d615d2b19a9e451d8cfac24372856a522d < 03f52a9c170431e8f10e156b9dc0dae80b3e9198

Linux 597603d615d2b19a9e451d8cfac24372856a522d

Linux 597603d615d2b19a9e451d8cfac24372856a522d < 5d45e34bf001344e2966dabca1897561bbc9e913

References

https://git.kernel.org/stable/c/03f52a9c170431e8f10e156b9...

https://git.kernel.org/stable/c/bdd9503c3d222d2735b56c7a8...

https://git.kernel.org/stable/c/5d45e34bf001344e2966dabca...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46090 Data

JSON