517 matches found
UBUNTU-CVE-2025-68346
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...
CVE-2025-68346
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...
CVE-2025-68346
The CVE-2025-68346 vulnerability affects the Linux kernel ALSA: dice driver. The root cause is a missing validation of stream_count read from a FireWire device in detect_stream_formats(), which can allow out-of-bounds writes if stream_count exceeds MAX_STREAMS. The fix adds the same validation to...
CVE-2025-68346 ALSA: dice: fix buffer overflow in detect_stream_formats()
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...
CVE-2025-68347 ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header...
CVE-2025-68347
CVE-2025-68347 affects the Linux kernel ALSA: firewire-motu subsystem. The vulnerability is in hwdep_read() DSP event handling, where copying could overflow the user buffer if the user buffer is smaller than the event header (8 bytes). The fix clamps the copy size using min_t() to ensure no more ...
CVE-2025-68346
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...
CVE-2025-68346 ALSA: dice: fix buffer overflow in detect_stream_formats()
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...
CVE-2025-68347 ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header...
Linux Distros Unpatched Vulnerability : CVE-2025-68347
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than...
Linux Distros Unpatched Vulnerability : CVE-2025-68346
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without...
PT-2025-52883
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Windows affected versions not specified Description A flaw exists in the Linux kernel related to ALSA and firewire-motu, specifically a buffer overflow in the hwdep read function when handling DSP...
PT-2025-52882
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The detect stream formats function in the ALSA driver for Digital Interface Communication Engine dice devices does not validate the stream count value received from a FireWire device. A...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990915)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990915 advisory. In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch i...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990434)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990434 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transactio...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990466)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990466 advisory. In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988728)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988728 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transactio...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989497)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989497 advisory. In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990231)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990231 advisory. In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988941)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988941 advisory. In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch i...