CVE-2026-56109
Status: Received - Intake
Double-Free in ALSA Library Configuration Parsing

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: VulnCheck

Description
The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, causing snd_config_delete() to be called twice on the same already-freed node, resulting in a NULL-pointer write or invalid memory read.
Meta Information
Published: 2026-06-22
Last Modified: 2026-06-22
Generated: 2026-06-23
AI Q&A: 2026-06-22
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: alsa_project
Product: alsa_lib
Version / Range: up to 1.2.16.1 (exclusive)
CWE-415: The product calls free() twice on the same memory address.
AI Quick Actions (instant insights powered by AI)
Detection Guidance

This vulnerability is a double-free in the ALSA library's parse_def() function, reached when it processes ALSA configuration text. Detection consists of checking whether the alsa-lib installed on a system is older than 1.2.16.1, the release that contains the fix.

You can detect the vulnerable version by running commands to check the installed alsa-lib version, for example:

  • dpkg -l | grep alsa-lib (on Debian/Ubuntu systems)
  • rpm -qa | grep alsa-lib (on RedHat/CentOS/Fedora systems)
  • The alsa-lib version can also be checked by querying the package manager directly or by inspecting the installed library files.

Additionally, monitoring for crashes or segmentation faults (SIGSEGV) in processes that parse ALSA configuration could indicate exploitation attempts; no specific detection commands or network signatures are provided.
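
The version check described above, written out as a small POSIX sh script. This is an added example, not part of the advisory: it compares the installed upstream alsa-lib version against 1.2.16.1, and the package names it queries (libasound2 and libasound2t64 on Debian/Ubuntu, alsa-lib on RPM-based systems) and the pkg-config module name "alsa" are assumptions about how distributions package the library.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether the installed alsa-lib
# is older than 1.2.16.1, the release CVE-2026-56109 names as fixed.

FIXED_VERSION="1.2.16.1"

# Compare dotted numeric versions $1 and $2; prints lt, eq or gt.
# A missing trailing component counts as 0, so 1.2.16 sorts below 1.2.16.1.
version_cmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}; bx=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${ax:-0}" -lt "${bx:-0}" ]; then echo lt; return 0; fi
        if [ "${ax:-0}" -gt "${bx:-0}" ]; then echo gt; return 0; fi
    done
    echo eq
}

# True (0) when version string $1 is below the fixed release. Strips an epoch
# ("1:") and a distro revision ("-1ubuntu2", "-3.el9") before comparing.
alsa_lib_is_vulnerable() {
    v=${1#*:}
    v=${v%%-*}
    [ "$(version_cmp "$v" "$FIXED_VERSION")" = lt ]
}

# Print the installed upstream version, trying pkg-config, dpkg and rpm in turn.
# Package names are assumptions: Debian/Ubuntu ship alsa-lib as libasound2
# (libasound2t64 on newer releases); RPM-based distributions call it alsa-lib.
installed_alsa_lib_version() {
    command -v pkg-config >/dev/null 2>&1 && pkg-config --modversion alsa 2>/dev/null && return 0
    if command -v dpkg-query >/dev/null 2>&1; then
        for pkg in libasound2 libasound2t64; do
            dpkg-query -W -f '${Version}\n' "$pkg" 2>/dev/null && return 0
        done
    fi
    command -v rpm >/dev/null 2>&1 && rpm -q --qf '%{VERSION}\n' alsa-lib 2>/dev/null && return 0
    return 1
}

# Return status: 0 = fixed version present, 1 = vulnerable, 2 = could not determine.
check_installed_alsa_lib() {
    ver=$(installed_alsa_lib_version) || { echo "alsa-lib: version not found"; return 2; }
    if alsa_lib_is_vulnerable "$ver"; then
        echo "alsa-lib $ver: VULNERABLE (older than $FIXED_VERSION)"; return 1
    fi
    echo "alsa-lib $ver: not affected by version ($FIXED_VERSION or later)"; return 0
}

check_installed_alsa_lib || true   # "|| true" so a negative verdict does not abort a caller running under set -e
```

A version string alone cannot prove the fix is absent: distributions routinely backport security patches without changing the upstream version number, so confirm against the distribution's own advisory or changelog before treating a host as vulnerable.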

Executive Summary

The vulnerability exists in the Advanced Linux Sound Architecture (ALSA) library versions before 1.2.16.1, specifically in the parse_def() function within src/conf.c. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, which causes the snd_config_delete() function to be called twice on the same already-freed memory node. This double-free condition leads to memory corruption, such as NULL-pointer writes or invalid memory reads.

Impact Analysis

This vulnerability can lead to memory corruption in the ALSA library, which may cause application crashes or unexpected behavior. Attackers who supply maliciously crafted ALSA configuration text can exploit this flaw to corrupt memory, potentially leading to denial of service or other unpredictable impacts on the system using the vulnerable library.

Mitigation Strategies

The primary mitigation step is to update the ALSA library to version 1.2.16.1 or later, where the double-free vulnerability in parse_def() has been fixed.

If updating immediately is not possible, avoid using or loading untrusted or maliciously crafted ALSA configuration files, as the vulnerability is triggered by specially crafted configuration text.

Applying the patch or upgrade from the official alsa-lib releases will prevent the double-free condition and associated memory corruption.
