PT-2026-52337 · Linux · Linux
Published 2026-06-25 · Updated 2026-06-25 · CVE-2026-53242
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams

snd_pcm_drain() uses init_waitqueue_entry which does not clear
entry.prev/next, and add_wait_queue with a conditional
remove_wait_queue that is skipped when to_check is no longer
in the group after concurrent UNLINK. The orphaned wait entry
remains on the unlinked substream sleep queue. On the next
drain iteration, add_wait_queue adds the entry to a new queue
while still linked on the old one, corrupting both lists. A
subsequent wake_up dereferences NULL at the func pointer
(mapped from the spinlock at offset 0 of the misinterpreted
wait_queue_head_t), causing a kernel panic.

Replace init_waitqueue_entry/add_wait_queue/conditional
remove_wait_queue with init_wait_entry/prepare_to_wait/
finish_wait. init_wait_entry clears prev/next via
INIT_LIST_HEAD on each iteration and sets
autoremove_wake_function which auto-removes the entry on
wake-up. finish_wait safely handles both the already-removed
and still-queued cases.
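
The list mechanics behind this description can be reproduced in a small userspace model. The following is an added example, not kernel code or part of the upstream patch; the list helpers and `drain_two_iterations()` are hypothetical names that only mimic the shape of the kernel's circular doubly linked list and the two removal patterns described above.

```c
/* Userspace model of a circular doubly linked list; not kernel code. */
struct list_head { struct list_head *prev, *next; };

static void list_init(struct list_head *h) { h->prev = h->next = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }

static void list_add(struct list_head *e, struct list_head *head)
{
    e->next = head->next;
    e->prev = head;
    head->next->prev = e;
    head->next = e;
}

static void list_del_init(struct list_head *e)
{
    e->prev->next = e->next;
    e->next->prev = e->prev;
    list_init(e);
}

/* A queue is intact if every next/prev pair agrees and the walk returns to head. */
static int queue_intact(const struct list_head *head)
{
    const struct list_head *p = head;
    for (int i = 0; i < 8; i++) {   /* bounded: a corrupted list may never close */
        if (p->next->prev != p)
            return 0;
        p = p->next;
        if (p == head)
            return 1;
    }
    return 0;
}

/* Two drain iterations with an UNLINK in between (hypothetical model).
 * always_remove == 0: removal is conditional and gets skipped.
 * always_remove == 1: entry is unconditionally dequeued before reuse. */
int drain_two_iterations(int always_remove)
{
    struct list_head old_q, new_q, entry;
    int still_in_group = 0;             /* concurrent UNLINK already happened */

    list_init(&old_q); list_init(&new_q); list_init(&entry);
    list_add(&entry, &old_q);           /* iteration 1: queued on first substream */
    if ((always_remove || still_in_group) && !list_empty(&entry))
        list_del_init(&entry);
    list_add(&entry, &new_q);           /* iteration 2: queued on another substream */
    return queue_intact(&old_q) && queue_intact(&new_q);
}
```

With the conditional removal, the old queue's head still points at the entry while the entry's links point into the new queue, so a walk of the old queue runs into the other queue's head as if it were a wait entry.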
Related Identifiers
Affected Products
Linux