CVE-2026-46088

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA control component. Improper validation of the buffer length before a string length operation in the sndctleleminitenumnames function can lead to a system panic. This vulnerability could allow a local attacker to trigger...

CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

CVE-2026-46049

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdifpassthruplaybackgetresources uses atc-pllrate as the RSR for the MSR calculation loop. However, pllrate is only updated in atcpllinit and not in hwpllinit, so it remains 0...

CVE-2026-46048

The CVE-2026-46048 issue is in the Linux kernel ALSA caiaq driver. The bug caused a usb_dev reference leak when probe failed because private_free was assigned only later in init_card(), after several failure points. If init_card() returned early, snd_card_free(card) ran without a matching private...

CVE-2026-46004

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Handle probe errors properly The probe procedure of setupcard in caiaq driver doesn't treat the error cases gracefully, e.g. the error from sndcardregister calls sndcardfree but continues. This would lead to a UAF fo...

Linux Distros Unpatched Vulnerability : CVE-2026-46004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: caiaq: Handle probe errors properly The probe procedure of setupcard in caiaq driver doesn't treat the error cases gracefully, e.g. the error from...

PT-2026-43859

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Fix potentially leftover ep1 in urb at error path The previous fix for handling the error from setup card missed that an internal URB cdev-ep1 in urb might have been already submitted beforehand. In the normal case,...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Use sndcardfreewhenclosed when there is a disconnection. The USB disconnection callback should be short and not too long. Alternatively, the current code uses sndcardfree when there is a disconnection, but this waits...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fixed a possible null-pointer dereference due to a data race in sndhdacregmapsync. The variable codec-regmap is often protected by the codec-regmaplock when accessed. However, it is accessed without holding the lock wh...

CVE-2026-43437

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture PCM Pulse Code Modulation subsystem. A local attacker could exploit a use-after-free vulnerability by triggering a race condition when closing a linked audio stream. This could lead to system instability, denial of...

CVE-2026-43436

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB-audio driver, specifically within the Scarlett2 mixer quirk. A local attacker could exploit this vulnerability by providing a specially crafted, malformed USB descriptor. This could lead to a NULL dereference in the...

CVE-2026-43412

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA System on Chip ASoC subsystem, specifically within the Qualcomm qcom qdsp6 audio driver. During the stop and start process of the Audio Digital Signal Processor ADSP, an incorrect order of component removal can occur...

Linux Distros Unpatched Vulnerability : CVE-2026-43436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the preparesilenturb function in ALSA’s usb-audio library. This function does not validate the si...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fixed negative period/buffer sizes The calculation of the period size in the OSS layer may generate a negative value as an error. However, the code there assumes only positive values and handles them using sizet. ...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fixed the issue of null pointer dereferencing on the pointer csdesc. The pointer csdesc is returned from sndusbfindclocksource; this pointer may be null, resulting in a potential null pointer dereferencing issue...

EUVD-2026-26510

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in createcard The caiaq driver stores a pointer to the parent USB device in cdev-chip.dev but never takes a reference on it. The card's privatefree callback, sndusbcaiaqcardfree, ca...

PT-2026-36410

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization The recent refactoring of xfi driver changed the assignment of atc-daios at atc get resources; now it loops over all enum DAIOTYP entries while it looped formerly only a...

ALSA: fireworks: bound device-supplied status before string array lookup

...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012968)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012968 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard-timer could schedu...