PT-2026-6159 · Linux+2 · Linux Kernel+2

Published: 2026-01-01 · Updated: 2026-06-04 · CVE-2026-23089

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains a flaw within the ALSA subsystem, specifically in the snd_usb_mixer_free() function. When snd_usb_create_mixer() fails, the function frees mixer->id_elems but the controls already added to the card continue to reference the freed memory. Subsequently, during snd_card_register(), the OSS mixer layer's callbacks access this freed memory, resulting in a use-after-free read condition. The call trace includes functions such as get_ctl_value(), get_min_max_with_quirks.isra.0(), mixer_ctl_feature_info(), snd_mixer_oss_build_test(), snd_card_register(), and usb_audio_probe(). The issue is addressed by calling snd_ctl_remove() for all mixer controls before freeing id_elems, ensuring the next pointer is saved first as snd_ctl_remove() frees the current element.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
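
The teardown order given in the description, shown as a small userspace C model that is added here as an example (it is not the kernel patch and not code from this advisory). Every type and function name in it is a hypothetical stand-in; ctl_remove() models the stated behaviour of snd_ctl_remove() freeing the current element.

```c
#include <stdlib.h>
/* Userspace model of the fix; all names are hypothetical, not kernel API. */
#define MAX_ID 4
struct elem  { struct kctl *kctl; struct elem *next_id_elem; };
struct kctl  { struct elem *priv; struct kctl *next; };
struct card  { struct kctl *controls; };
struct mixer { struct card *card; struct elem **id_elems; };

/* Register one control for unit `id`; the card's control points at its elem. */
static int add_ctl(struct mixer *m, int id) {
    struct elem *e = calloc(1, sizeof(*e));
    struct kctl *k = calloc(1, sizeof(*k));
    if (!e || !k) { free(e); free(k); return -1; }
    e->kctl = k; k->priv = e;
    e->next_id_elem = m->id_elems[id]; m->id_elems[id] = e;
    k->next = m->card->controls; m->card->controls = k;
    return 0;
}

/* Stand-in for snd_ctl_remove(): unlink from the card, free control and elem. */
static void ctl_remove(struct card *c, struct kctl *k) {
    struct kctl **pp = &c->controls;
    while (*pp && *pp != k) pp = &(*pp)->next;
    if (*pp) *pp = k->next;
    free(k->priv); free(k);
}

/* Error-path teardown: drop every control first, only then free id_elems. */
static void mixer_free(struct mixer *m) {
    for (int id = 0; id < MAX_ID; id++)
        for (struct elem *e = m->id_elems[id], *next; e; e = next) {
            next = e->next_id_elem;       /* save first: ctl_remove() frees e */
            ctl_remove(m->card, e->kctl);
        }
    free(m->id_elems); m->id_elems = NULL;
}

/* Number of controls the card could still call back into. */
static int card_ctl_count(const struct card *c) {
    int n = 0;
    for (const struct kctl *k = c->controls; k; k = k->next) n++;
    return n;
}

int main(void) {
    struct card c = {0};
    struct mixer m = { &c, calloc(MAX_ID, sizeof(struct elem *)) };
    if (!m.id_elems || add_ctl(&m, 1) || add_ctl(&m, 1) || add_ctl(&m, 3)) return 1;
    mixer_free(&m);              /* simulated failure after controls were added */
    return card_ctl_count(&c);   /* 0: the card holds no stale control */
}
```

Building this with -fsanitize=address and reading e->next_id_elem after the ctl_remove() call instead of before it reproduces the class of report the description refers to.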

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2026-23089
ECHO-937F-2201-5677
OPENSUSE-SU-2026:20416-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:0928-1
SUSE-SU-2026:0961-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:1003-1
SUSE-SU-2026:1041-1
SUSE-SU-2026:1077-1
SUSE-SU-2026:1078-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:1130-1
SUSE-SU-2026:1131-1
SUSE-SU-2026:20667-1
SUSE-SU-2026:20720-1
SUSE-SU-2026:20838-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
SUSE-SU-2026:20931-1
SUSE-SU-2026:21284-1
USN-8162-1
USN-8180-1
USN-8180-2
USN-8180-3
USN-8180-4
USN-8180-5
USN-8180-6
USN-8186-1
USN-8187-1
USN-8188-1
USN-8243-1
USN-8275-1
USN-8278-1
USN-8278-2
USN-8289-1
USN-8289-2
USN-8296-1
USN-8296-2
USN-8297-1
USN-8393-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu