Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: seq: dummy: fix UMP event stack overread

The dummy sequencer port forwards events by copying an incoming
struct snd_seq_event into a stack temporary, rewriting source and
destination, and dispatching the temporary to subscribers. That legacy
event storage is smaller than struct snd_seq_ump_event.

When a UMP event reaches the dummy client, the copy leaves the UMP flag
set but only provides legacy-sized stack storage. The subscriber
delivery path then uses snd_seq_event_packet_size() and copies a
UMP-sized packet from that stack object, reading past the end of the
temporary.

Use the existing union __snd_seq_event storage and copy the packet size
reported for the incoming event before rewriting the common routing
fields. This preserves the full UMP packet for UMP events while keeping
legacy event handling unchanged.
Published: 2026-06-25
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ALSA dummy sequencer port incorrectly copied a smaller legacy event structure for a UMP event and then read a larger UMP packet from the same stack buffer. This caused the delivery path to read past the end of the temporary stack object, exposing kernel stack contents and potentially leading to a crash. The flaw is a classic buffer overread weakness that could be leveraged by an attacker to obtain sensitive data or to destabilize the system.
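The size mismatch described above, as an added user-space model that is not the kernel's code or the upstream patch: the struct layouts, the flag value and every function name here are simplified assumptions, with `packet_size()` standing in for `snd_seq_event_packet_size()`. The overread is computed as a byte count and never performed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define EV_FLAG_UMP 0x20 /* stands in for the UMP flag; value is an assumption */

/* Simplified models, not kernel definitions: 16-byte header, then 12 or 16 bytes. */
struct legacy_event { uint8_t type, flags, tag, queue, time[8], src[2], dst[2], data[12]; };
struct ump_event    { uint8_t type, flags, tag, queue, time[8], src[2], dst[2]; uint32_t ump[4]; };
union event_storage { struct legacy_event legacy; struct ump_event ump; };

/* Models snd_seq_event_packet_size(): the size is chosen by the flag alone. */
static size_t packet_size(const struct legacy_event *ev) {
    return (ev->flags & EV_FLAG_UMP) ? sizeof(struct ump_event) : sizeof(struct legacy_event);
}

/* Bytes a delivery path would read past a temporary of tmp_size bytes. */
static size_t overread(const struct legacy_event *tmp, size_t tmp_size) {
    size_t need = packet_size(tmp);
    return need > tmp_size ? need - tmp_size : 0;
}

/* Pre-fix pattern: struct copy into legacy-sized storage keeps the UMP flag. */
size_t forward_vulnerable(const union event_storage *in) {
    struct legacy_event tmp = in->legacy;
    tmp.src[0] = 1; tmp.dst[0] = 2;          /* rewrite routing fields */
    return overread(&tmp, sizeof(tmp));      /* computed, never performed */
}

/* Fixed pattern: union storage, copy the incoming packet size, then rewrite. */
size_t forward_fixed(const union event_storage *in, union event_storage *out) {
    memset(out, 0, sizeof(*out));
    memcpy(out, in, packet_size(&in->legacy));
    out->legacy.src[0] = 1; out->legacy.dst[0] = 2;
    return overread(&out->legacy, sizeof(*out));
}

/* Constructed sample event: UMP when is_ump is nonzero, legacy otherwise. */
union event_storage sample_event(int is_ump) {
    union event_storage ev;
    memset(&ev, 0, sizeof(ev));
    if (is_ump) { ev.ump.flags = EV_FLAG_UMP; ev.ump.ump[3] = 0xC0FFEEu; }
    return ev;
}

int main(void) {
    union event_storage in = sample_event(1), out;
    printf("pre-fix: %zu bytes over, fixed: %zu\n", forward_vulnerable(&in), forward_fixed(&in, &out));
    return 0;
}
```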

Affected Systems

All Linux kernels that contain the ALSA sequencer module without the commit that implements the fix are affected. The patch is referenced via several kernel commit IDs and is intended to ensure the correct union storage is used. Users running any kernel version prior to the inclusion of those commits are susceptible.

Risk and Exploitability

The vulnerability is local to the ALSA subsystem; an attacker who can send crafted UMP events to the dummy client could trigger the overread. EPSS and KEV scores are not provided. No CVSS score is included in the data. The attack does not require network access, so the risk depends on the ability of local users or processes to interact with ALSA. If exploited, it could allow data leakage or a denial of service by crashing a user or service that engages with ALSA.

Generated by OpenCVE AI on June 25, 2026 at 11:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that implements the fix (see the commit references in the advisory) or upgrade to a kernel release that contains the patches.
  • Verify that the dummy sequencer path no longer overreads by testing with a crafted UMP event or checking kernel logs for related errors.
  • If an immediate kernel upgrade is not possible, disable the ALSA dummy sequencer port or restrict UMP event traffic by adjusting ALSA configuration or using access controls to mitigate exposure.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 11:30:00 +0000

Values added (none removed):
  • Weaknesses: CWE-125, CWE-839

Thu, 25 Jun 2026 09:15:00 +0000

Values added (none removed):
  • Description: identical to the Description at the top of this page
  • Title: ALSA: seq: dummy: fix UMP event stack overread
  • First Time appeared: Linux; Linux linux Kernel
  • CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Vendors & Products: Linux; Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:36.482Z

Reserved: 2026-06-09T07:44:35.393Z

Link: CVE-2026-53241

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T11:15:10Z

Weaknesses
  • CWE-125

    Out-of-bounds Read

  • CWE-839

    Numeric Range Comparison Without Minimum Check