Race condition in Linux kernel - CVE-2026-53242
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper synchronization in snd_pcm_drain() when handling linked PCM streams during concurrent unlink operations. A local user can trigger concurrent drain and unlink activity to cause a denial of service.
The issue can corrupt wait queue lists and lead to a kernel panic through a NULL function pointer dereference during a subsequent wake-up.
How to mitigate CVE-2026-53242
Sources
- https://git.kernel.org/stable/c/7c71a9522555ff137a9ca36b15d759ca04d84788
- https://git.kernel.org/stable/c/88fe2e3658726cb21ff2dcf9770bf672f9b9d31b
- https://git.kernel.org/stable/c/b053fcd8912f06c30f932f5b8ec41c72de474695
- https://git.kernel.org/stable/c/cac5bf3500ee6422cf64e0df0b5daeecfed42917
- https://git.kernel.org/stable/c/cd98837db15f323463b8df07282ac723bd5c3fed
- https://git.kernel.org/stable/c/d68b621bb5a48051932f1017a6e1bc9b18f854d0
- https://git.kernel.org/stable/c/d842f26a167e77a36f3ed333b9fa99d36ef99fe6