PT-2026-52288 · Linux · Linux

Published 2026-06-25 · Updated 2026-06-25 · CVE-2026-53192

None

No severity ratings or metrics are available. When they are, we will update the corresponding information on this page.
In the Linux kernel, the following vulnerability has been resolved:
ALSA: timer: Fix UAF at snd_timer_user_params()
At releasing a timer object, e.g. when a userspace timer (CONFIG_SND_UTIMER) gets closed and snd_timer_free() is called, it tries to detach the timer instances and release the resources. However, it's still possible that other in-flight tasks are holding the timer instance where the to-be-deleted timer object is associated, and this may lead to racy accesses.
Fortunately, most of ioctls dealing with the timer instance list already have the protection with register_mutex, and this also avoids such races. But, SNDRV_TIMER_IOCTL_PARAMS isn't protected, hence the concurrent ioctl may lead to use-after-free.
This patch just adds the guard with register_mutex to protect snd_timer_user_params() for covering the code path as a quick workaround. It's no hot-path but rather a rarely issued ioctl, so the performance penalty doesn't matter.

Related identifiers

CVE-2026-53192

Affected products

Linux