CVE-2026-43437

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the ALSA pcm component within the snd pcm drain() function. In the drain loop, the runtime variable is reassigned to a linked stream's runtime. After the stream lock is released, the system accesses runtime->no period wakeup, runtime->rate, and runtime->buffer size without a lock or reference count to protect the lifetime of the linked stream's runtime. A concurrent close() operation on the linked stream's file descriptor can trigger a sequence of functions ending in kfree(runtime), allowing the drain path to dereference a stale pointer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.