Skip to content

[Security] Segmentation Fault DoS in snd_config_load_string via corrupted linked list pointer #514

Description

@eglonnnn

Description

A segmentation fault vulnerability in alsa-lib v1.2.15.3. When snd_config_load_string() parses a crafted ALSA configuration text, the parser produces an inconsistent linked-list state during array/composite node handling, causing list_del() to access an uninitialized pointer and trigger a SEGV.

Impact

  • Denial-of-service via process crash
  • Any application processing untrusted ALSA configuration text is affected

Reproduction

All materials are available in my research repository:

https://github.com/eglonnnn/opensource-fuzz-vulnerability-research/tree/main/SEGV%20in%20alsa-lib%20snd_config_load_string

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions