{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "32cb23a0f911317cdb5030035e49a204aa86fef5"
            },
            {
              "fixed": "a7ef78a2c536242ccb7a4429da01580b2409bb24"
            },
            {
              "fixed": "6671a46144f880c5a167930ebb14c12f3d059fe9"
            },
            {
              "fixed": "6676b6063440561db600494049ce7ffb695c8cc4"
            },
            {
              "fixed": "2b5ff4db5d7aa5b981d966df02e687f79ad7b311"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.10.0"
            },
            {
              "fixed": "6.12.94"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.36"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "7.0.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53241.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: seq: dummy: fix UMP event stack overread\n\nThe dummy sequencer port forwards events by copying an incoming\nstruct snd_seq_event into a stack temporary, rewriting source and\ndestination, and dispatching the temporary to subscribers. That legacy\nevent storage is smaller than struct snd_seq_ump_event.\n\nWhen a UMP event reaches the dummy client, the copy leaves the UMP flag\nset but only provides legacy-sized stack storage. The subscriber\ndelivery path then uses snd_seq_event_packet_size() and copies a\nUMP-sized packet from that stack object, reading past the end of the\ntemporary.\n\nUse the existing union __snd_seq_event storage and copy the packet size\nreported for the incoming event before rewriting the common routing\nfields. This preserves the full UMP packet for UMP events while keeping\nlegacy event handling unchanged.",
  "id": "CVE-2026-53241",
  "modified": "2026-07-09T03:51:20.479279553Z",
  "published": "2026-06-25T08:39:36.482Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2b5ff4db5d7aa5b981d966df02e687f79ad7b311"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6671a46144f880c5a167930ebb14c12f3d059fe9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6676b6063440561db600494049ce7ffb695c8cc4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a7ef78a2c536242ccb7a4429da01580b2409bb24"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53241.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53241"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "summary": "ALSA: seq: dummy: fix UMP event stack overread"
}