CVE-2026-53241

Source
https://cve.org/CVERecord?id=CVE-2026-53241
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53241.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53241
Downstream
Published
2026-06-25T08:39:36.482Z
Modified
2026-07-08T08:07:24.693912812Z
Summary
ALSA: seq: dummy: fix UMP event stack overread
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: seq: dummy: fix UMP event stack overread

The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to subscribers. That legacy event storage is smaller than struct sndseqump_event.

When a UMP event reaches the dummy client, the copy leaves the UMP flag set but only provides legacy-sized stack storage. The subscriber delivery path then uses sndseqeventpacketsize() and copies a UMP-sized packet from that stack object, reading past the end of the temporary.

Use the existing union __sndseqevent storage and copy the packet size reported for the incoming event before rewriting the common routing fields. This preserves the full UMP packet for UMP events while keeping legacy event handling unchanged.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53241.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
32cb23a0f911317cdb5030035e49a204aa86fef5
Fixed
a7ef78a2c536242ccb7a4429da01580b2409bb24
Fixed
6671a46144f880c5a167930ebb14c12f3d059fe9
Fixed
6676b6063440561db600494049ce7ffb695c8cc4
Fixed
2b5ff4db5d7aa5b981d966df02e687f79ad7b311

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53241.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.10.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53241.json"