Description
The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, causing snd_config_delete() to be called twice on the same already-freed node, resulting in a NULL-pointer write or invalid memory read.
Published: 2026-06-22
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ALSA library before version 1.2.16.1 contains a double‑free flaw in the parse_def() routine that corrupts memory when parsing maliciously crafted configuration text. The function fails to verify return values before invoking snd_config_delete() a second time on a node that has already been freed, potentially causing a NULL‑pointer write or an invalid memory read. This weakness, classified as CWE‑415, can lead to crashes or other unpredictable behavior driven by the corrupted memory state.

Affected Systems

The vulnerability impacts the ALSA library from the alsa-project:alsa-lib package on Linux systems running any version older than 1.2.16.1. All distributions that ship this older library, including common enterprise Linux distributions, are potentially affected if they use the bundled ALSA libraries.

Risk and Exploitability

The CVSS score of 7 indicates a high severity. No EPSS data is available and the issue is not listed in CISA’s KEV catalog, so no large‑scale exploitation has been reported. Based on the description, it is inferred that an attacker must supply malicious ALSA configuration text, which could be done locally by a user with permission to write into the ALSA configuration directories or by a vulnerable application that accepts user‑supplied configuration. Although no public exploit is documented, an attacker with the necessary privileges could trigger memory corruption and potentially destabilize the host. The risk is elevated in environments where privileged processes or users can load arbitrary configuration files.

Generated by OpenCVE AI on June 22, 2026 at 19:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ALSA library to version 1.2.16.1 or later.
  • Restrict write access to ALSA configuration directories so that only trusted users can create or modify configuration files.
  • Monitor system logs and application behavior for crashes or abnormal memory usage that may indicate memory corruption.

Generated by OpenCVE AI on June 22, 2026 at 19:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Alsa-project
Alsa-project alsa-lib
Vendors & Products Alsa-project
Alsa-project alsa-lib

Mon, 22 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 22 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Description The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, causing snd_config_delete() to be called twice on the same already-freed node, resulting in a NULL-pointer write or invalid memory read.
Title ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c
Weaknesses CWE-415
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}

cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Alsa-project Alsa-lib
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-22T17:29:23.873Z

Reserved: 2026-06-18T19:15:10.650Z

Link: CVE-2026-56109

cve-icon Vulnrichment

Updated: 2026-06-22T17:29:18.270Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T20:15:04Z

Weaknesses