Linux Kernel ALSA PCM Buffer Preallocation Race Condition Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Advanced Linux Sound Architecture (ALSA) subsystem has been addressed. The issue stemmed from a lack of synchronization during concurrent preallocation of PCM (Pulse Code Modulation) buffers via proc files. This oversight could potentially lead to a use-after-free condition or other related problems. The vulnerability has been mitigated by applying the PCM open mutex to the proc write operation, thereby preventing the race conditions associated with concurrent proc writes and PCM stream operations.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ALSA PCM Buffer Preallocation Race Condition Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating