Impact
In the ALSA PCM subsystem of the Linux kernel, the function snd_pcm_drain() can corrupt the wait‑queue list when applied to linked audio streams. This corruption corrupts the internal queue structure and causes a null‑pointer dereference during a subsequent wake‑up, resulting in a kernel panic. The flaw is typified by CWE‑824 and leads directly to denial of service by crashing the kernel.
Affected Systems
All builds of the Linux kernel that include the ALSA PCM subsystem and have not yet merged the commit that replaces init_waitqueue_entry/add_wait_queue with init_wait_entry/prepare_to_wait/finish_wait are affected. This encompasses prior stable releases of both 5.x and 6.x series kernels until the wait‑queue fix is incorporated.
Risk and Exploitability
The CVSS score of 7.8 indicates a high severity. The EPSS score of less than 1% and the absence from CISA KEV suggest that exploitation is currently unlikely. Based on the description, it is inferred that triggering the flaw requires a user‑space process that calls snd_pcm_drain() on a linked stream, which is a local and privileged exploitation scenario. An attacker with local access or the ability to run arbitrary code in the user space can exploit the bug to crash the kernel, but no known remote exploitation technique is documented.
OpenCVE Enrichment
Debian DLA