ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

...

SUSE CVE-2026-46146

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

Linux Distros Unpatched Vulnerability : CVE-2026-46146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to valida...

CVE-2026-46146

CVE-2026-46146 affects the Linux kernel's ALSA USB audio stack, specifically the convert_chmap_v3() routine. A loop uses cs_desc->wLength for increment but this value isn’t validated, allowing a potential endless loop with malformed descriptors. The issue is resolved by adding a proper size ch...

CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

EUVD-2026-32773

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

CVE-2026-46146

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

PT-2026-44269

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ALSA usb-audio component within the convert chmap v3 function. The function contains a loop that uses the cs desc-wLength variable to determine the increment size...

Astra Linux - уязвимость в thrift

In Apache Thrift, all versions up to and including 0.12.0, a server or client may encounter an infinite loop when processing specific input data. Since this issue was partially addressed in version 0.11.0, it only affects certain language bindings, depending on the installed version...

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service

Impact This is a significant Denial of Service DoS vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeate...

GHSA-2MGW-7Q6P-8GRG FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service

Impact This is a significant Denial of Service DoS vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeate...

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

RHEL 8 : freerdp (RHSA-2026:16777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16777 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

RHEL 8 : freerdp (RHSA-2026:16814)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16814 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

CVE-2026-31784

CVE-2026-31784 affects the Linux kernel, specifically the drm/xe/pxp component. The issue arises in pxp_start where a restart flag is not cleared, causing the function to potentially loop back to the start after reaching the end. This has been resolved by cherry-picking a fix from commit 0850ec7b...

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

CVE-2026-27951

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function StreamEnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...

CVE-2026-27951 FreeRDP has possible Integer overflow in Stream_EnsureCapacity

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function StreamEnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...