CVE-2026-23191

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the ALSA aloop driver’s PCM trigger callback. The callback attempts to check the PCM state and stop the stream of a tied substream without proper locking, potentially leading to a use-after-free (UAF) condition when a program frequently triggers while opening or closing the tied stream. The issue arises from performing checks and stop operations outside the cable lock. The fix involves covering code within loopback check format() with the cable->lock spinlock and adding null checks, as well as verifying the state of the capture PCM stream.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.