CVE-2026-14330: Allocation of Resources Without Limits or Throttling in Red Hat Enterprise Linux 10
Multiple unbounded alloca() calls in the PulseAudio protocol server.
AI Analysis
Technical Summary
This vulnerability involves multiple unbounded calls to alloca() within the PulseAudio protocol server component of Red Hat Enterprise Linux 10. The lack of limits or throttling on these allocations can result in excessive resource consumption, leading to denial of service conditions. The CVSS 3.1 base score is 5.5 (medium severity) with an attack vector of local, low attack complexity, requiring low privileges, no user interaction, and impacting availability only. The vendor advisory does not currently specify a remediation or patch status.
Potential Impact
The vulnerability allows an attacker with local access and low privileges to cause denial of service by exhausting system resources through unbounded memory allocations in the PulseAudio protocol server. There is no impact on confidentiality or integrity. No exploits are known in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-14330 for current remediation guidance. Until a fix is available, consider limiting access to the PulseAudio service and monitoring for abnormal resource usage. No official fix or temporary workaround is currently documented.
CVSS v3.1
Score: 5.5 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: redhat
- Date Reserved: 2026-07-01T12:29:58.653Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory URLs: https://access.redhat.com/security/cve/CVE-2026-14330 (Red Hat)
Threat ID: 6a45260a27e9c79719982a71
Added to database: 07/01/2026, 14:36:58 UTC
Last enriched: 07/01/2026, 14:54:29 UTC
Last updated: 07/01/2026, 23:17:36 UTC