Fedora Account System
Red Hat Associate
Red Hat Customer
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 ("ALSA: aloop: Fix racy access at PCM trigger") moved the peer lookup under cable->lock, but the actual snd_pcm_stop() still runs after dropping that lock. A concurrent close can clear the capture entry from cable->streams[] and detach or free its runtime while the playback trigger path still holds a stale peer substream pointer. Keep a per-cable count of in-flight peer stops before dropping cable->lock, and make free_cable() wait for those stops before detaching the runtime. This preserves the existing behavior while making the peer runtime lifetime explicit.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2026052702-CVE-2026-46090-1211@gregkh/T
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:27354 https://access.redhat.com/errata/RHSA-2026:27354
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:27353 https://access.redhat.com/errata/RHSA-2026:27353
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:30848 https://access.redhat.com/errata/RHSA-2026:30848
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:33215 https://access.redhat.com/errata/RHSA-2026:33215
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:33685 https://access.redhat.com/errata/RHSA-2026:33685
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:33900 https://access.redhat.com/errata/RHSA-2026:33900
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:33899 https://access.redhat.com/errata/RHSA-2026:33899
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:34095 https://access.redhat.com/errata/RHSA-2026:34095
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:34094 https://access.redhat.com/errata/RHSA-2026:34094
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:34443 https://access.redhat.com/errata/RHSA-2026:34443
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:35844 https://access.redhat.com/errata/RHSA-2026:35844
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:35863 https://access.redhat.com/errata/RHSA-2026:35863
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:35896 https://access.redhat.com/errata/RHSA-2026:35896