CVE-2026-56109

ALSA Library < 1.2.16.1 Double-Free via parse_def() in conf.c

CVSS 7 HIGH · EPSS 0.1% · CWE-415
Vexday Risk Score
41 Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 7 · EPSS 0.1% · KEV no · Public PoC · Nuclei · Metasploit · Patch referenced
Lifecycle
22 Jun 2026: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, causing snd_config_delete() to be called twice on the same already-freed node, resulting in a NULL-pointer write or invalid memory read.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
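The pattern named in the description, an ignored error return followed by a second delete of the same node, shown as an added example beside its corrected form. This is a simplified model and not alsa-lib code: node_t, node_delete, parse_nested, parse_unchecked and parse_checked are hypothetical names, and deletes are counted rather than passed to free() so the flawed path can be run safely.

```c
#include <stdio.h>

/* Hypothetical stand-in for a config node; not alsa-lib's snd_config_t. */
typedef struct node { int deletes; struct node *child; } node_t;

static int double_deletes; /* deletes seen on an already-deleted node */

/* Stand-in for a delete routine. Nodes are never passed to free(), so a
 * repeated delete is counted instead of corrupting the real heap. */
static void node_delete(node_t *n) {
    if (n == NULL) return;
    if (n->deletes++ > 0) double_deletes++;
}

/* Nested-block parser: on malformed input it deletes the child it was
 * building and reports the failure only through its return value. */
static int parse_nested(node_t *parent, node_t *child, int malformed) {
    parent->child = child;
    if (malformed) { node_delete(child); return -1; }
    return 0;
}

/* Flawed caller: discards the return value and keeps going, so its own
 * cleanup deletes the child that the callee already deleted. */
static int parse_unchecked(node_t *parent, node_t *child, int malformed) {
    parse_nested(parent, child, malformed);  /* error ignored */
    node_delete(parent->child);              /* second delete on failure */
    parent->child = NULL;
    return 0;
}

/* Corrected caller: stops on error and drops the stale pointer. */
static int parse_checked(node_t *parent, node_t *child, int malformed) {
    int err = parse_nested(parent, child, malformed);
    if (err < 0) { parent->child = NULL; return err; }
    node_delete(parent->child);
    parent->child = NULL;
    return 0;
}

/* Runs one caller on fresh nodes; returns the number of double deletes. */
static int run(int checked, int malformed) {
    node_t parent = {0, NULL}, child = {0, NULL};
    double_deletes = 0;
    if (checked) parse_checked(&parent, &child, malformed);
    else parse_unchecked(&parent, &child, malformed);
    return double_deletes;
}

int main(void) {
    printf("unchecked, malformed input: %d double delete(s)\n", run(0, 1));
    printf("checked, malformed input: %d double delete(s)\n", run(1, 1));
    return 0;
}
```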
Affected products
alsa-project · alsa-lib