578 matches found
CVE-2026-25271 Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service
Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use...
CVE-2026-45258
dspmmapsingle validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to ...
CVE-2026-45258
The CVE-2026-45258 issue affects FreeBSD sound(4) mmap support. dsp_mmap_single() overflows when validating the requested mapping because offset+length can wrap the size check, and the offset is reduced from 64 to 32 bits for the buffer address, allowing a mapping that extends past the audio buff...
CVE-2026-49417
CVE-2026-49417 is part of two memory-safety issues in FreeBSD’s sound(4) mmap path. The advisories describe: (1) dsp_mmap_single() could overflow when validating a requested mapping, allowing a mapping to extend past the audio buffer into kernel memory (CVE-2026-45258), and (2) the audio buffer b...
CVE-2026-53161
The CVE-2026-53161 entry concerns a use-after-free in the Linux kernel fastrpc subsystem. A race between fastrpc_device_release() (on file close) and the workqueue processing DSP responses can free the fastrpc_user while an in-flight DSP invocation is completing, leading to dereferencing freed co...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A race condition flaw was discovered in the Linux kernel sound subsystem due to improper locking mechanisms. This could lead to a NULL pointer derefrence during the handling of the SNDCTLDSPSYNC ioctl command. A privileged local user such as root or a member of the audio group could exploit this...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: mISDN: a possible memory leak in mISDNdspelementregister has been fixed. After committing 1fa5ae857bb1 "driver core: get rid of struct device’s busid string array", the name of the device is allocated dynamically. Use putdevic...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Firmware: csdsp: Fixed out-of-bounds memory read access in KUnit tests wmfw info KASAN reported an out-of-bounds access – csdspmockwmfwaddinfo, because the length of the source string was rounded up to the allocation size...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Firmware: csdsp: Fixed an out-of-bounds memory read access in KUnit tests ctlcache. KASAN reported an out-of-bounds access: csdspctlcacheinitmultipleoffsets. The code used mockcoefftemplate.lengthbytes 4 bytes for register value...
FreeBSD-SA-26:27.sound
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:27.sound Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in the sound4 mmap path Category: core Module: sound Announced: 2026-06-09...
CVE-2026-25260 Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications...
CVE-2026-25259 Out-of-bounds Write in DSP Service
Memory corruption while processing multiple IOCTL command for escape operations...
CVE-2026-25258 Out-of-bounds Read in DSP Service
Memory corruption while processing IOCTL calls for escape operations...
CVE-2026-25258 Out-of-bounds Read in DSP Service
Memory corruption while processing IOCTL calls for escape operations...
kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header...
Important: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header...
Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016773)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016773 advisory. An issue was discovered in SoX 14.4.2. lsxmakelpf in effectidsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu – added a bounds check in the putuser loop for DSP events. In the DSP event handling code, the putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it may overwrite data beyond...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imxdsprproc: Added mutex protection for workqueue The workqueue may execute late, even after remoteproc is stopped or disabled. Some resources such as the rpmsg device and endpoint have been released in...