Hu Jiahui

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the sound subsystem of the Linux kernel and involves incorrect handling of concurrent PCM hw params calls. This can allow an attacker to access confidential data, compromise data integrity, and cause a denial of service. A local user can potentially crash the system or escalate their privileges due to a use-after-free flaw in the sound subsystem. The flaw occurs when a user triggers concurrent calls of PCM hw params, leading to a race condition inside ALSA PCM for other ioctls. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the Advanced Linux Sound Architecture (ALSA) in the Linux kernel, where concurrent calls to `hw params` and `hw free` ioctls can result in a use-after-free (UAF) condition due to the lack of proper checks or protection. This is because the existing PCM stream lock cannot protect the entire ioctl operation. To address this, a new mutex called `runtime->buffer mutex` has been introduced to protect these concurrent calls. **Recommendations** For the affected Linux kernel versions, applying the patch that introduces the `runtime->buffer mutex` and modifies the `hw params` and `hw free` ioctl code paths is recommended. This involves updating the kernel with the fix that includes the new mutex and the modified functions for code simplicity.