CVE-2026-46157
Race Condition in Linux Kernel ALSA PCM OSS Subsystem
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Linux kernel to a version where the ALSA pcm oss component has been fixed to protect the runtime.oss.trigger field with the existing params_lock mutex. This prevents the data race condition.
Since the issue is a data race in the kernel ALSA subsystem, applying the official patch or upgrading to a kernel version released after 2026-05-28 that includes this fix is the recommended immediate step.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ALSA pcm oss component. It involves a data race condition when accessing the runtime.oss.trigger field. Because this field is a bit field, concurrent access without proper synchronization can cause overwriting of other bits, leading to incorrect operation. The issue was identified through fuzzing and fixed by protecting the runtime.oss.trigger field with an existing mutex lock.
How can this vulnerability impact me? :
The data race in accessing the runtime.oss.trigger bit field can cause unpredictable behavior in the ALSA pcm oss component of the Linux kernel. This may lead to corrupted data or malfunctioning audio operations, potentially causing system instability or unexpected behavior in applications relying on this audio subsystem.