Impact
An error in the Linux kernel's cx88 media driver left a DMA buffer that was mapped in snd_cx88_hw_params() still mapped when an error occurred, because the error path omitted the unmap routine. The resulting resource leak can exhaust kernel DMA resources or memory, potentially destabilizing the system or rendering the audio subsystem unavailable. The flaw does not directly expose data or elevate privileges, but it lets a local user cause a denial of service by repeatedly invoking ALSA configuration routines that exercise the faulty code path.
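The error path described above, reduced to a userspace C model (an added example, not the cx88 driver's code; every model_* name and the mapping counter are assumptions made for illustration). It shows why repeated failing calls accumulate mappings and how unwinding in reverse order of acquisition stops that.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed userspace model: all names are hypothetical and only mirror
 * the shape of the flaw (map succeeds, a later step fails, unmap skipped). */
static int live_mappings;            /* stands in for kernel DMA mapping state */

struct model_buf { int mapped; };

static int model_map(struct model_buf *b)    { b->mapped = 1; live_mappings++; return 0; }
static void model_unmap(struct model_buf *b) { if (b->mapped) { b->mapped = 0; live_mappings--; } }

/* Models the hw_params step: allocate, map, then a setup step that may fail.
 * fixed == 0 reproduces the omitted unmap; fixed == 1 unwinds in reverse order. */
static struct model_buf *model_hw_params(int setup_fails, int fixed)
{
    struct model_buf *b = calloc(1, sizeof(*b));
    if (!b)
        return NULL;
    if (model_map(b) < 0)
        goto err_free;
    if (setup_fails)
        goto err_unmap;
    return b;                        /* success: caller releases via model_hw_free() */

err_unmap:
    if (fixed)
        model_unmap(b);              /* the call the unpatched error path lacked */
err_free:
    free(b);                         /* memory is freed, but the mapping stays counted if !fixed */
    return NULL;
}

static void model_hw_free(struct model_buf *b) { model_unmap(b); free(b); }

/* Repeats the failing call and reports the mappings still outstanding. */
static int leaked_after(int calls, int fixed)
{
    live_mappings = 0;
    for (int i = 0; i < calls; i++) {
        struct model_buf *b = model_hw_params(1, fixed);
        if (b)
            model_hw_free(b);
    }
    return live_mappings;
}

int main(void)
{
    printf("unpatched: %d leaked, patched: %d leaked\n",
           leaked_after(1000, 0), leaked_after(1000, 1));
    return 0;
}
```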
Affected Systems
The vulnerability affects the cx88 media device driver within the Linux kernel. Any system that loads a cx88 driver without the patch and runs audio applications that reach snd_cx88_hw_params() is potentially impacted. The fix was applied in the repository via the commits referenced in the advisory; systems should upgrade to a kernel revision that contains these commits.
Risk and Exploitability
The exploitability of this flaw is limited to local execution contexts that can invoke the ALSA API; an attacker would need to run a userspace audio program that triggers the error path in snd_cx88_hw_params(). EPSS is not available, and the flaw is not listed in CISA KEV, so the published exploitation probability is unknown. Nonetheless, because the vulnerability can lead to resource exhaustion and system instability, the risk is considered moderate to high for affected installations. No known public exploits have been reported.