Lucene search
K

364 matches found

RedHat Linux
RedHat Linux
added 2022/11/15 11:55 a.m.3 views

kernel: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM Do not call snddmafreepages when snddmaallocpages returns -ENOMEM because it leads to a NULL pointer dereference bug. The dmesg says: T1387 sof-audio-pci-intel-tgl...

5.5CVSS6.3AI score0.00247EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.2 views

PT-2022-35253 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the ALSA usb-audio component. It was introduced in a specific commit and fixed in Linux Kernel version v5.15.75 by another commit. The actual impact and attack...

7.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/11/08 9:32 a.m.4 views

kernel: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()

A vulnerability was found in the Linux kernel's ASoC operations within the soc-ops.c file, where the function sndsocputvolsw fails to validate the range of values being set, results in out-of-bounds values to be accepted,...

7.1CVSS6.5AI score0.00234EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/11/08 9:32 a.m.3 views

kernel: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffermutex and mmaplock syzbot caught a potential deadlock between the PCM runtime-buffermutex and the mm-mmaplock. It was brought by the recent fix to cover the racy read/write and other...

5.5CVSS6.3AI score0.00192EPSS
Exploits0References5
OSV
OSV
added 2022/10/23 8:35 p.m.18 views

MGASA-2022-0379 Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.74 and fixes at least the following security issues: A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest VM...

8.8CVSS7.3AI score0.03763EPSS
Exploits8References11
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.4 views

PT-2022-33384 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.17 through v5.19.3 Description: The issue is related to the ASoC DPCM component. It was introduced in version v5.17 and fixed in version v5.19.4. The actual impact and attack plausibility have not yet been proven...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/05/12 12:0 a.m.5 views

PT-2024-11821 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel, specifically with the ASoC: ops, where the bounds checks in the snd soc put volsw sx function are only applied to the first channel. This mean...

9.1CVSS6.5AI score0.03702EPSS
Exploits12References1844
Positive Technologies
Positive Technologies
added 2022/05/12 12:0 a.m.6 views

PT-2024-11868 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A bounds check issue in the Linux kernel's ASoC: ops has been resolved. The issue involves the semantics of the max field for sx controls, where max represents the number of steps rath...

9.1CVSS6.7AI score0.03702EPSS
Exploits12References1787
Amazon
Amazon
added 2022/04/19 12:0 a.m.5 views

Important: kernel

Issue Overview: A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hwparams. The hwfree ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate...

7.8CVSS5AI score0.00582EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2022/02/01 12:0 a.m.7 views

The vulnerability of the Audio subsystem in operating systems such as iPadOS, watchOS, iOS, tvOS, and Mac OS allows a perpetrator to execute arbitrary code on the target system.

The vulnerability of the Audio subsystem in operating systems such as iPadOS, watchOS, iOS, tvOS, and Mac OS is caused by buffer overflows. Exploiting this vulnerability allows an attacker to execute arbitrary code in the target system using a specially created malware file...

7.8CVSS7.5AI score0.01861EPSS
Exploits0References6Affected Software5
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.6 views

Apple tvOS 缓冲区错误漏洞

Apple tvOS is an operating system for Smart TVs from Apple, Inc. tvOS suffers from a buffer error vulnerability that stems from a boundary error in the audio subsystem. A remote attacker could exploit the vulnerability to create a specially crafted audio file, trick the victim into opening it,...

8.8CVSS7.9AI score0.01861EPSS
Exploits0References10
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.4 views

Apple tvOS 缓冲区错误漏洞

Apple tvOS is an operating system for Smart TVs from Apple, Inc. tvOS suffers from a buffer error vulnerability that stems from a boundary condition in the audio subsystem. A remote attacker could exploit the vulnerability could create a specially crafted audio file, trick a victim into opening i...

5.5CVSS6.5AI score0.00878EPSS
Exploits0References11
OSV
OSV
added 2020/11/13 4:0 p.m.5 views

SUSE-SU-2020:3326-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25656: Fixed a concurrency use-after-free in vtdokdgkbioctl bnc1177766. - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in...

7.8CVSS7.4AI score0.06692EPSS
Exploits2References62
RedHat Linux
RedHat Linux
added 2020/09/29 10:31 p.m.7 views

kernel: use-after-free in sound/core/timer.c

A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct sndtimerinstance function fails the timer-maxinstances check leading to an invalid address. This could lead to a use-after-free vulnerability...

7.8CVSS7.1AI score0.00551EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2019/11/05 8:56 p.m.7 views

kernel: out-of-bounds in function build_audio_procunit in sound/usb/mixer.c

An out-of-bounds flaw was found in the ALSA usb-audio subsystem in the Linux kernel. An array boundary check was needed to restrict the array size; failing this can cause an out-of-bound access problem. Data confidentiality and integrity, as well as system availability, are all threats with this...

7.8CVSS7.1AI score0.00412EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/05/17 12:0 a.m.71 views

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3289-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3289-1 advisory. Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to...

7.8CVSS7.7AI score0.04544EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2017/05/16 4:12 p.m.79 views

USN-3289-1: QEMU vulnerabilities

Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2017-7377, CVE-2017-8086 Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A...

7.8CVSS7.7AI score0.04544EPSS
Exploits0
OSV
OSV
added 2017/05/16 4:12 p.m.3 views

USN-3289-1 qemu vulnerabilities

Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2017-7377, CVE-2017-8086 Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A...

7.8CVSS7.1AI score0.04544EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2014/10/14 12:0 a.m.32 views

CVE-2014-1577

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service...

6.4CVSS6.9AI score0.02841EPSS
Exploits0References4
CVE
CVE
added 2014/06/11 10:0 a.m.119 views

CVE-2014-1542

CVE-2014-1542 refers to a buffer overflow in the Speex resampler within the Web Audio subsystem of Mozilla Firefox, exploitable via crafted AudioBuffer parameters to achieve remote code execution. The vulnerability affects Firefox prior to version 30.0. The provided connected documents corroborat...

6.8CVSS9.5AI score0.05298EPSS
Exploits0References14Affected Software2
Rows per page
Query Builder