Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger

Currently the runtime.oss.trigger field may be accessed concurrently
without protection, which may lead to the data race. And, in this
case, it may lead to more severe problem because it's a bit field; as
writing the data, it may overwrite other bit fields as well, which
confuses the operation completely, as spotted by fuzzing.

Fix it by covering runtime.oss.trigger bit field also with the existing
params_lock mutex in both snd_pcm_oss_get_trigger() and
snd_pcm_oss_poll().
Published: 2026-05-28
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition exists in the Linux kernel’s ALSA PCM OSS interface where the runtime.oss.trigger field is accessed concurrently without mutex protection. Because this field is a bit field, concurrent writes can overwrite adjacent bits, corrupting the trigger state and causing the ALSA subsystem to behave unpredictably. The description does not explicitly state that kernel crashes or memory corruption result, but the data race may lead to incorrect operation of ALSA services.
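
The lost update described above, as an added C example (not the kernel's code): replay_unlocked() replays the interleaving of two unlocked bit-field writers step by step, and run_locked() shows the fix pattern with a user-space pthread mutex standing in for params_lock. The struct layout and the params field are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout: two 1-bit flags in one storage unit. Only "trigger"
 * and "params_lock" are names from the advisory; the rest is assumed. */
struct oss_flags { unsigned params : 1; unsigned trigger : 1; };
#define PARAMS_BIT  (1u << 0)
#define TRIGGER_BIT (1u << 1)

/* A bit-field store is load word, change bit, store word. Replay the bad
 * interleaving of two unlocked writers one step at a time. */
unsigned replay_unlocked(void)
{
    uint32_t word = 0;
    uint32_t a = word;          /* writer A loads, wants trigger = 1 */
    uint32_t b = word;          /* writer B loads, wants params = 1  */
    a |= TRIGGER_BIT;
    b |= PARAMS_BIT;
    word = a;                   /* A stores: trigger set             */
    word = b;                   /* B stores stale copy: trigger lost */
    return word;
}

static struct oss_flags flags;
static pthread_mutex_t params_lock = PTHREAD_MUTEX_INITIALIZER;
/* Each writer flips its own bit, ending at 1, under the single mutex
 * that covers every field in the shared storage unit. */
static void *writer(void *arg)
{
    for (int i = 0; i < 100000; i++) {
        pthread_mutex_lock(&params_lock);
        if (arg) flags.trigger = i & 1; else flags.params = i & 1;
        pthread_mutex_unlock(&params_lock);
    }
    return NULL;
}

unsigned run_locked(void)
{
    pthread_t a, b;
    flags.params = flags.trigger = 0;
    pthread_create(&a, NULL, writer, &flags);   /* non-NULL: trigger */
    pthread_create(&b, NULL, writer, NULL);     /* NULL: params      */
    pthread_join(a, NULL);
    pthread_join(b, NULL);
    return (flags.params ? PARAMS_BIT : 0) | (flags.trigger ? TRIGGER_BIT : 0);
}
int main(void) { printf("%u %u\n", replay_unlocked(), run_locked()); return 0; }
```

Build with cc -pthread. The lock only helps if every reader and writer of any field in the same storage unit takes it, which is why the fix covers both functions named in the description.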

Affected Systems

The vulnerability affects all Linux kernel releases that include the ALSA PCM OSS interface and have not yet incorporated the patch referenced in the commit identifiers. Standard distribution kernels that ship the OSS interface remain vulnerable until a kernel version containing the mutex protection is installed.

Risk and Exploitability

The CVSS score of 7.8 and the EPSS score of less than 1% indicate high severity and a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a local kernel race that requires access to the ALSA OSS functions such as get_trigger or poll. Triggering the race may corrupt ALSA runtime state or other kernel state, potentially impacting system stability or availability.

Generated by OpenCVE AI on June 9, 2026 at 23:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel update that contains the ALSA runtime.oss.trigger patch (e.g., upgrade to a kernel release that includes the mutex protection fix).
  • If the ALSA OSS interface is not needed, disable the snd-oss module or build the kernel without ALSA OSS support to eliminate the vulnerable code path.
  • Configure the system so that only trusted users or processes can access the ALSA OSS interface, for example by adjusting permissions or using container boundaries to limit exposure.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CPEs cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*

Sat, 30 May 2026 11:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
Values Added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 29 May 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1136
CWE-847

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-820
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Thu, 28 May 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1136
CWE-847

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it may lead to more severe problem because it's a bit field; as writing the data, it may overwrite other bit fields as well, which confuses the operation completely, as spotted by fuzzing. Fix it by covering runtime.oss.trigger bit field also with the existing params_lock mutex in both snd_pcm_oss_get_trigger() and snd_pcm_oss_poll().
Title ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:58:48.560Z

Reserved: 2026-05-13T15:03:33.102Z

Link: CVE-2026-46157

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-28T10:16:31.363

Modified: 2026-06-09T21:02:12.653

Link: CVE-2026-46157

Redhat

Severity: Moderate

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46157 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-09T23:45:15Z

Weaknesses
  • CWE-362

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  • CWE-820

    Missing Synchronization