Vulnerability Details CVE-2026-53242
In the Linux kernel, the following vulnerability has been resolved:
ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams
snd_pcm_drain() uses init_waitqueue_entry which does not clear
entry.prev/next, and add_wait_queue with a conditional
remove_wait_queue that is skipped when to_check is no longer
in the group after concurrent UNLINK. The orphaned wait entry
remains on the unlinked substream sleep queue. On the next
drain iteration, add_wait_queue adds the entry to a new queue
while still linked on the old one, corrupting both lists. A
subsequent wake_up dereferences NULL at the func pointer
(mapped from the spinlock at offset 0 of the misinterpreted
wait_queue_head_t), causing a kernel panic.
Replace init_waitqueue_entry/add_wait_queue/conditional
remove_wait_queue with init_wait_entry/prepare_to_wait/
finish_wait. init_wait_entry clears prev/next via
INIT_LIST_HEAD on each iteration and sets
autoremove_wake_function which auto-removes the entry on
wake-up. finish_wait safely handles both the already-removed
and still-queued cases.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 3.6%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2026-53242
-
cpe:2.3:o:linux:linux_kernel:5.10.253
-
cpe:2.3:o:linux:linux_kernel:5.10.254
-
cpe:2.3:o:linux:linux_kernel:5.10.255
-
cpe:2.3:o:linux:linux_kernel:5.10.257
-
cpe:2.3:o:linux:linux_kernel:5.10.258
-
cpe:2.3:o:linux:linux_kernel:6.1.167
-
cpe:2.3:o:linux:linux_kernel:6.1.168
-
cpe:2.3:o:linux:linux_kernel:6.1.169
-
cpe:2.3:o:linux:linux_kernel:6.1.170
-
cpe:2.3:o:linux:linux_kernel:6.1.171
-
cpe:2.3:o:linux:linux_kernel:6.1.174
-
cpe:2.3:o:linux:linux_kernel:6.1.175
-
cpe:2.3:o:linux:linux_kernel:6.12.78
-
cpe:2.3:o:linux:linux_kernel:6.12.80
-
cpe:2.3:o:linux:linux_kernel:6.12.81
-
cpe:2.3:o:linux:linux_kernel:6.12.82
-
cpe:2.3:o:linux:linux_kernel:6.12.83
-
cpe:2.3:o:linux:linux_kernel:6.12.84
-
cpe:2.3:o:linux:linux_kernel:6.12.85
-
cpe:2.3:o:linux:linux_kernel:6.12.86
-
cpe:2.3:o:linux:linux_kernel:6.12.87
-
cpe:2.3:o:linux:linux_kernel:6.12.88
-
cpe:2.3:o:linux:linux_kernel:6.12.91
-
cpe:2.3:o:linux:linux_kernel:6.18.19
-
cpe:2.3:o:linux:linux_kernel:6.18.20
-
cpe:2.3:o:linux:linux_kernel:6.18.21
-
cpe:2.3:o:linux:linux_kernel:6.18.22
-
cpe:2.3:o:linux:linux_kernel:6.18.23
-
cpe:2.3:o:linux:linux_kernel:6.18.24
-
cpe:2.3:o:linux:linux_kernel:6.18.25
-
cpe:2.3:o:linux:linux_kernel:6.18.26
-
cpe:2.3:o:linux:linux_kernel:6.18.28
-
cpe:2.3:o:linux:linux_kernel:6.18.29
-
cpe:2.3:o:linux:linux_kernel:6.18.30
-
cpe:2.3:o:linux:linux_kernel:6.18.33
-
cpe:2.3:o:linux:linux_kernel:6.19.10
-
cpe:2.3:o:linux:linux_kernel:6.19.11
-
cpe:2.3:o:linux:linux_kernel:6.19.12
-
cpe:2.3:o:linux:linux_kernel:6.19.13
-
cpe:2.3:o:linux:linux_kernel:6.19.14
-
cpe:2.3:o:linux:linux_kernel:6.19.9
-
cpe:2.3:o:linux:linux_kernel:6.6.130
-
cpe:2.3:o:linux:linux_kernel:6.6.131
-
cpe:2.3:o:linux:linux_kernel:6.6.134
-
cpe:2.3:o:linux:linux_kernel:6.6.135
-
cpe:2.3:o:linux:linux_kernel:6.6.136
-
cpe:2.3:o:linux:linux_kernel:6.6.137
-
cpe:2.3:o:linux:linux_kernel:6.6.138
-
cpe:2.3:o:linux:linux_kernel:6.6.140
-
cpe:2.3:o:linux:linux_kernel:6.6.141
-
cpe:2.3:o:linux:linux_kernel:7.0
-
cpe:2.3:o:linux:linux_kernel:7.0.1
-
cpe:2.3:o:linux:linux_kernel:7.0.10
-
cpe:2.3:o:linux:linux_kernel:7.0.2
-
cpe:2.3:o:linux:linux_kernel:7.0.3
-
cpe:2.3:o:linux:linux_kernel:7.0.5
-
cpe:2.3:o:linux:linux_kernel:7.0.6
-
cpe:2.3:o:linux:linux_kernel:7.1