98 matches found
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2026-52964
A flaw was found in the Linux kernel's ALSA USB audio component. The USB MIDI 2.0 endpoint parser, responsible for handling audio device descriptors, failed to properly validate the length of these descriptors. This vulnerability could allow a local attacker, by connecting a specially crafted...
EUVD-2026-38832
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers during parsing of Scarlett2 mixer interfaces The Scarlett2 mixer has a quirky behavior in the USB-audio driver; it may encounter a NULL dereference when a malformed USB descriptor is passed...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed out-of-bounds reads when finding clock sources The current USB-audio driver code does not check the bLength of each descriptor during traversal for clock descriptors. This means that when a device provides ...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: Fixed deadlocks that occurred during the removal of kctl elements at disconnection. In sndcarddisconnect, we set the card-shutdown flag at the beginning, called callbacks, and performed synchronization for the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Check for a null pointer of the pointer substream before dereferencing it. The pointer substream is dereferenced during the assignment of the pointer to the card. This occurs before the substream is checked for nullnes...
EUVD-2026-34124
In the Linux kernel, the following vulnerability has been resolved: ASoC: fslxcvr: Revert fix missing lock in fslxcvrmodeput This reverts commit f51424872760 "ASoC: fslxcvr: fix missing lock in fslxcvrmodeput". The original patch attempted to acquire the card-controlsrwsem lock in fslxcvrmodeput...
CVE-2026-46146
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...
EUVD-2026-32399
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: stop parsing UAC2 rates at MAXNRRATES parseuac2sampleraterange caps the number of enumerated rates at MAXNRRATES, but it only breaks out of the current rate loop. A malformed UAC2 RANGE response with additional...
CVE-2026-46018 ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: stop parsing UAC2 rates at MAXNRRATES parseuac2sampleraterange caps the number of enumerated rates at MAXNRRATES, but it only breaks out of the current rate loop. A malformed UAC2 RANGE response with additional...
SUSE CVE-2026-43279
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But whe...
EUVD-2026-28742
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a malformed USB descriptor is passed, since it assumes the presence of an...
CVE-2026-43279
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But whe...
CVE-2026-43279
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But whe...
CVE-2026-43279
The CVE-2026-43279 entry concerns the Linux kernel ALSA USB-audio subsystem. A discrepancy between playback and capture stream setups (e.g., USB core max packet size) can cause out-of-bounds writes to the buffer, potentially crashing the system. A fix was implemented by adding a sanity check of t...
SUSE CVE-2026-31777
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxfi driver blindly assumed a proper value returned from daiodeviceindex, but it's not always true. Add a proper error check to deal with the error from the function...
PT-2026-37619
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA usb-audio component where the system blindly assumes received packets fit the buffer size when silencing playback URB USB Request Block packets in implicit fb...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007020)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007020 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007444)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007444 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'addwidgetnode' As 'kobjectadd' may allocated memory for...