Linux Kernel ALSA Sequencer OSS Layer SysEx Message Handling Race Condition Vulnerability

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's Advanced Linux Sound Architecture (ALSA) sequencer OSS layer. This issue arises when the OSS sequencer processes SysEx messages that are divided into 6-byte packets. The OSS layer attempts to reassemble these packets, but the current implementation allows for concurrent access to the internal buffer, leading to potential out-of-bounds memory access. To address this issue, a mutex has been introduced to serialize the processing of SysEx message packets.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing memory corruption or allowing for arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ALSA Sequencer OSS Layer SysEx Message Handling Race Condition Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating