Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: seq: dummy: fix UMP event stack overread

The dummy sequencer port forwards events by copying an incoming
struct snd_seq_event into a stack temporary, rewriting source and
destination, and dispatching the temporary to subscribers. That legacy
event storage is smaller than struct snd_seq_ump_event.

When a UMP event reaches the dummy client, the copy leaves the UMP flag
set but only provides legacy-sized stack storage. The subscriber
delivery path then uses snd_seq_event_packet_size() and copies a
UMP-sized packet from that stack object, reading past the end of the
temporary.

Use the existing union __snd_seq_event storage and copy the packet size
reported for the incoming event before rewriting the common routing
fields. This preserves the full UMP packet for UMP events while keeping
legacy event handling unchanged.
Published: 2026-06-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ALSA dummy sequencer port forwarded UMP events by copying a legacy‑sized event structure onto the stack, then treating the copy as a larger UMP packet and reading past the limit. This buffer overread (CWE‑125) can expose kernel stack contents and may trigger a kernel crash.

Affected Systems

All Linux kernels that include the ALSA sequencer module without the commit that implements the fix are affected. Users running any kernel version prior to the inclusion of those commits are susceptible, regardless of vendor or distribution.

Risk and Exploitability

The flaw is local to the ALSA subsystem; an attacker who can craft and send UMP events to the dummy client can trigger the overread. The CVSS score is 5.5, indicating moderate severity, and the EPSS score is < 1%, showing a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. If exploited, it could lead denial of service by crashing a user or service that engages with ALSA.

Generated by OpenCVE AI on June 26, 2026 at 16:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that implements the fix or upgrade to a kernel release that contains the commit (e.g., 2b5ff4db5d7aa5b981d966df02e687f79ad7b311).
  • If upgrading is not feasible, disable the ALSA dummy sequencer module or use access control to restrict which users or processes can send UMP events to the dummy client.
  • Ensure that only trusted users or processes have permission to access ALSA devices and monitor for unexpected UMP traffic to detect potential exploitation attempts.

Generated by OpenCVE AI on June 26, 2026 at 16:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-839

Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-839

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct snd_seq_event into a stack temporary, rewriting source and destination, and dispatching the temporary to subscribers. That legacy event storage is smaller than struct snd_seq_ump_event. When a UMP event reaches the dummy client, the copy leaves the UMP flag set but only provides legacy-sized stack storage. The subscriber delivery path then uses snd_seq_event_packet_size() and copies a UMP-sized packet from that stack object, reading past the end of the temporary. Use the existing union __snd_seq_event storage and copy the packet size reported for the incoming event before rewriting the common routing fields. This preserves the full UMP packet for UMP events while keeping legacy event handling unchanged.
Title ALSA: seq: dummy: fix UMP event stack overread
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:36.482Z

Reserved: 2026-06-09T07:44:35.393Z

Link: CVE-2026-53241

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53241 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T16:30:03Z

Weaknesses