CVE-2026-23191

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: aloop: Fix racy access at PCM trigger<br /> <br /> The PCM trigger callback of aloop driver tries to check the PCM state<br /> and stop the stream of the tied substream in the corresponding cable.<br /> Since both check and stop operations are performed outside the cable<br /> lock, this may result in UAF when a program attempts to trigger<br /> frequently while opening/closing the tied stream, as spotted by<br /> fuzzers.<br /> <br /> For addressing the UAF, this patch changes two things:<br /> - It covers the most of code in loopback_check_format() with<br /> cable-&gt;lock spinlock, and add the proper NULL checks. This avoids<br /> already some racy accesses.<br /> - In addition, now we try to check the state of the capture PCM stream<br /> that may be stopped in this function, which was the major pain point<br /> leading to UAF.