Impact
The ALSA library before version 1.2.16.1 contains a double‑free flaw in the parse_def() routine that corrupts memory when parsing maliciously crafted configuration text. The function fails to verify return values before invoking snd_config_delete() a second time on a node that has already been freed, potentially causing a NULL‑pointer write or an invalid memory read. This weakness, classified as CWE‑415, can lead to crashes or other unpredictable behavior driven by the corrupted memory state.
Affected Systems
The vulnerability impacts the ALSA library from the alsa-project:alsa-lib package on Linux systems running any version older than 1.2.16.1. All distributions that ship this older library, including common enterprise Linux distributions, are potentially affected if they use the bundled ALSA libraries.
Risk and Exploitability
The CVSS score of 7 indicates a high severity. No EPSS data is available and the issue is not listed in CISA’s KEV catalog, so no large‑scale exploitation has been reported. Based on the description, it is inferred that an attacker must supply malicious ALSA configuration text, which could be done locally by a user with permission to write into the ALSA configuration directories or by a vulnerable application that accepts user‑supplied configuration. Although no public exploit is documented, an attacker with the necessary privileges could trigger memory corruption and potentially destabilize the host. The risk is elevated in environments where privileged processes or users can load arbitrary configuration files.
OpenCVE Enrichment