Linux Kernel Vulnerability in ALSA Dummy Sequencer Event Handling
CVE-2026-53241
What is CVE-2026-53241?
A vulnerability in the Linux kernel's ALSA subsystem affects event handling in the dummy sequencer. An incoming UMP event is copied into a smaller legacy stack temporary, leading to a stack overread. Rather than supporting the full UMP packet size, the code processes the copied event with the UMP flag still set. If not resolved, this may allow the delivery of larger-than-expected packets, potentially resulting in unintended memory access and stability issues. The fix uses an existing union to copy the event data safely while preserving compatibility with legacy event handling.
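The size mismatch described above, as an added example that is not kernel code and not part of the original advisory: a simplified C model showing how many bytes a flag-driven delivery path would read past a legacy-sized temporary compared with a union-sized one. The struct names, layouts and flag value are hypothetical, and the functions only compute the overread length without performing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model; names, layouts and flag value are hypothetical, not the kernel's. */
#define EV_FLAG_UMP 0x20u   /* marks an event as carrying a full UMP packet */

struct legacy_event { uint8_t type, flags; uint8_t data[12]; };
struct ump_event    { uint8_t type, flags; uint32_t ump[4]; };  /* larger form */

union any_event {           /* large enough for either form */
    struct legacy_event legacy;
    struct ump_event ump;
};

/* Bytes the delivery path reads from an event, chosen by its flag. */
static size_t delivery_len(uint8_t flags)
{
    return (flags & EV_FLAG_UMP) ? sizeof(struct ump_event)
                                 : sizeof(struct legacy_event);
}

/* Flawed pattern: legacy-sized temporary that keeps the UMP flag.
 * Returns how many bytes past the temporary delivery would read. */
size_t overread_with_legacy_tmp(const union any_event *in)
{
    struct legacy_event tmp;
    memcpy(&tmp, in, sizeof(tmp));          /* truncated copy, flag retained */
    size_t need = delivery_len(tmp.flags);
    return need > sizeof(tmp) ? need - sizeof(tmp) : 0;
}

/* Corrected pattern: copy the flagged size into a union-sized temporary. */
size_t overread_with_union_tmp(const union any_event *in)
{
    union any_event tmp;
    memcpy(&tmp, in, delivery_len(in->legacy.flags));
    size_t need = delivery_len(tmp.legacy.flags);
    return need > sizeof(tmp) ? need - sizeof(tmp) : 0;
}

/* Constructed sample input: a zeroed event flagged as UMP. */
union any_event sample_ump_event(void)
{
    union any_event e;
    memset(&e, 0, sizeof(e));
    e.ump.flags = EV_FLAG_UMP;
    return e;
}
```

A non-zero result from the first function is the condition a reviewer or static check should look for: a temporary whose size is fixed by one type while the read length is chosen by a flag copied from another.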
Affected Version(s)
Linux 32cb23a0f911317cdb5030035e49a204aa86fef5
Linux 32cb23a0f911317cdb5030035e49a204aa86fef5 < 6671a46144f880c5a167930ebb14c12f3d059fe9
Linux 32cb23a0f911317cdb5030035e49a204aa86fef5 < 6676b6063440561db600494049ce7ffb695c8cc4